Getting Data In

Is there a way to paginate search results ?

lmeur
Engager

I'm able to limit number of results with "head ${number}" expression but what I need is to grab a page from a search job with REST Api (for example the 3rd page of 100 elements) to limit bandwith usage when we grab search results from Splunk REST Api.

Is there a way to do this with search language or Rest API or both ?

Ludovic.

Tags (2)
0 Karma
1 Solution

sideview
SplunkTrust
SplunkTrust

in the API you can specify an offset argument, and a count argument, and that will do the paging for you.

http://www.splunk.com/base/Documentation/latest/Developer/RESTSearch

More Advanced:: If you ever want to do really complex things where you actually transform the result set and then paginate the transformed result set you can do that too although it requires a lot more familiarity with the system to avoid certain pitfalls. In that case when you are making your GET request to the results endpoint, you would use the 'search' argument. This is called a 'postprocess search' fwiw. And you can combine the search with the offset and count args as well I believe they place nice together.

http://www.splunk.com/base/Documentation/latest/Developer/RESTSearch

View solution in original post

0 Karma

sideview
SplunkTrust
SplunkTrust

in the API you can specify an offset argument, and a count argument, and that will do the paging for you.

http://www.splunk.com/base/Documentation/latest/Developer/RESTSearch

More Advanced:: If you ever want to do really complex things where you actually transform the result set and then paginate the transformed result set you can do that too although it requires a lot more familiarity with the system to avoid certain pitfalls. In that case when you are making your GET request to the results endpoint, you would use the 'search' argument. This is called a 'postprocess search' fwiw. And you can combine the search with the offset and count args as well I believe they place nice together.

http://www.splunk.com/base/Documentation/latest/Developer/RESTSearch

0 Karma

organus
Explorer

The link seems to be broken.

0 Karma
Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...