Solved: Increasing number of events returned in REST api i...

shahhe · ‎01-28-2011

Folks,

I wrote perl script to run search on remote splunk server. By default the search only returns first 100 events. How can I increase the limit without changing configuration on the server?

Is tried to use max_count but it does not have any effect:

my $response = $browser->post( $url, [ 'search' => $searchQuery, 'max_count' => 10000 ])

Thanks.

Ayn · ‎01-28-2011

What URL are you posting to? By default only 100 results are returned unless you specify "count" as a parameter in the URL, like this:

$url = "https://${splunkserver}:8089/services/search/jobs/${yourjobid}/results?count=0"

View solution in original post

Ayn · ‎01-28-2011

What URL are you posting to? By default only 100 results are returned unless you specify "count" as a parameter in the URL, like this:

$url = "https://${splunkserver}:8089/services/search/jobs/${yourjobid}/results?count=0"

Ayn · ‎01-28-2011

Great! Could you please mark the question as answered as it will pop up as unanswered on the site otherwise. Thanks.

shahhe · ‎01-28-2011

Thank you. That fixed the problem.

shahhe · ‎01-28-2011

If I use outputcsv in searhcQuery then it return all rows (more than 10000). It seems that splunk ignores the max_count value.

Increasing number of events returned in REST api in perl script

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

Increasing number of events returned in REST api in perl script

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...