Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Powershell Resource kit Search has Max 100 results

jkcouch
Explorer
‎07-31-2012 12:56 PM

I have been playing around with the powershell resource kit, trying to use it as a searching interface to use with automation. I am trying to get results in exess of 100 events. Even with the use of the -MaxReturnCount option, it only returns up to 100 (allows to decrease from 100, but not increase above). I have found several other posts on modifying this but not in the powershell resource kit.

As I look at the splunk-core .psm1 file i can see where we could edit the $PostString variable, but thought I should report this as a possible bug.

Example script:

$credential = Get-Credential
Connect-Splunk -Credential $credential –ComputerName Computername
$connection = Get-SplunkConnectionObject
$search = $Connection | Search-Splunk -Search 'source="PS_VMHost_Config" earliest=-10d@d latest=now'-MaxTime 30 -MaxReturnCount 30 -Verbose

Any assistance would be great!

Tags (3)
Reply

cohatch
Engager
‎12-11-2012 09:08 AM

It seems the powershell parameter maxreturncount creates the header addition "max_count=" when it should simply add "count="

Reply

halr9000
Motivator
‎01-03-2013 08:07 AM

Fix committed. Test please! https://github.com/splunk/splunk-reskit-powershell/archive/master.zip

0 Karma
Reply

halr9000
Motivator
‎01-03-2013 08:05 AM

TY Drainy 🙂

0 Karma
Reply

Drainy
Champion
‎01-03-2013 08:02 AM

Switcharooed to an answer

0 Karma
Reply

halr9000
Motivator
‎01-03-2013 07:57 AM

@cohatch, why don't you type this up as an Answer so that others can vote on it. I assume that you are talking about changing splunk-search.psm1, line 93 from "max_count" to "count", correct? Write that up as an answer, confirm that you've tested it, and I'll commit it to Github. TIA

Reply

bsonposh
Communicator
‎07-31-2012 01:22 PM

Thanks jkcouch. I will get this fixed. I thought we added an override for this but I believe you are you correct.

0 Karma
Reply

jkcouch
Explorer
‎01-03-2013 07:49 AM

cohatch - that fixed it for me too. Thanks!

0 Karma
Reply

cohatch
Engager
‎12-11-2012 06:17 AM

Any update on this? Thanks.

0 Karma
Reply

jkcouch
Explorer
‎07-31-2012 01:24 PM

Thanks Brandon!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...