Re: How come our API results are only returning th...

aksharp · ‎03-04-2019

I'm trying to get the number of hosts reporting to Splunk via API, but the a normal curl -k is only able to return 100 results.

I tried adding the "count=0" parameter, but it just gives me 100 and cannot go further.

My search strings below.

curl -u user:passwd -k https://XXXX:8089/services/search/jobs -d search="metadata%20type%3Dhosts"
url -u user:passwd -k https://XXXX:8089/services/search/jobs/md_1551723351.24391/results?output_mode=csv&count=0

Any help is appreciated

vandelin · ‎05-26-2020

This is how I got mine to work, not sure the difference between mine and yours, but this worked for me
curl -k -u 'username:password' "https://api.company.com:443/services/search/jobs/$sidkey/results?count=0&output_mode=csv"

my sidkey is just the sid within a variable , change it to a valid sid

somesoni2 · ‎03-04-2019

Try like this

curl -k -u user:passwd -k https://XXXX:8089/services/search/jobs/md_1551723351.24391/results --get  -d count=0 -d output_mode=json

Reference: https://docs.splunk.com/Documentation/Splunk/6.2.6/RESTREF/RESTsearchExamples#search.2Fjobs.2F.7Bsea...

How come our API results are only returning the first 100 results for metadata?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation