Re: How come our API results are only returning th...

aksharp · ‎03-04-2019

I'm trying to get the number of hosts reporting to Splunk via API, but the a normal curl -k is only able to return 100 results.

I tried adding the "count=0" parameter, but it just gives me 100 and cannot go further.

My search strings below.

curl -u user:passwd -k https://XXXX:8089/services/search/jobs -d search="metadata%20type%3Dhosts"
url -u user:passwd -k https://XXXX:8089/services/search/jobs/md_1551723351.24391/results?output_mode=csv&count=0

Any help is appreciated

vandelin · ‎05-26-2020

This is how I got mine to work, not sure the difference between mine and yours, but this worked for me
curl -k -u 'username:password' "https://api.company.com:443/services/search/jobs/$sidkey/results?count=0&output_mode=csv"

my sidkey is just the sid within a variable , change it to a valid sid

somesoni2 · ‎03-04-2019

Try like this

curl -k -u user:passwd -k https://XXXX:8089/services/search/jobs/md_1551723351.24391/results --get  -d count=0 -d output_mode=json

Reference: https://docs.splunk.com/Documentation/Splunk/6.2.6/RESTREF/RESTsearchExamples#search.2Fjobs.2F.7Bsea...

How come our API results are only returning the first 100 results for metadata?

other

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!