Solved: Increasing number of events returned in REST api i...

shahhe · ‎01-28-2011

Folks,

I wrote perl script to run search on remote splunk server. By default the search only returns first 100 events. How can I increase the limit without changing configuration on the server?

Is tried to use max_count but it does not have any effect:

my $response = $browser->post( $url, [ 'search' => $searchQuery, 'max_count' => 10000 ])

Thanks.

Ayn · ‎01-28-2011

What URL are you posting to? By default only 100 results are returned unless you specify "count" as a parameter in the URL, like this:

$url = "https://${splunkserver}:8089/services/search/jobs/${yourjobid}/results?count=0"

View solution in original post

Ayn · ‎01-28-2011

What URL are you posting to? By default only 100 results are returned unless you specify "count" as a parameter in the URL, like this:

$url = "https://${splunkserver}:8089/services/search/jobs/${yourjobid}/results?count=0"

Ayn · ‎01-28-2011

Great! Could you please mark the question as answered as it will pop up as unanswered on the site otherwise. Thanks.

shahhe · ‎01-28-2011

Thank you. That fixed the problem.

shahhe · ‎01-28-2011

If I use outputcsv in searhcQuery then it return all rows (more than 10000). It seems that splunk ignores the max_count value.

Increasing number of events returned in REST api in perl script

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation