Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Reporting
- :
- Splunk Enterprise 7.03 Python SDK Pagination Help
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good Morning,
I am working with:
Splunk Version
7.0.3
Splunk Build
fa31da744b51
I have built my search and when I run it in the dashboard, I see all 360 results that I am expecting; however, when I execute my saved search via the Python SDK I only get 100 results back. I believe it is related to pagination, but cannot figure out the correct parameters to solve the problem. Here is what I am running:
import splunklib.client as client
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)
...
mysavedsearch = service.saved_searches[splunk_report]
# Run the saved search
job = mysavedsearch.dispatch()
for result in results.ResultsReader(job.results()):
. .........process the response.
I see reference to count in other posts but mostly when executing a search not a saved_search. Any advice on what parameter to use would be appreciated.
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey,
Good news, the fix is very easy!
By default ResultsReader is limited to 100 raws, just add count=0 in job.results() arguments and you should get the whole thing!
for result in results.ResultsReader(job.results(count=0)):
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much! That did the trick.
Pete
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey,
Good news, the fix is very easy!
By default ResultsReader is limited to 100 raws, just add count=0 in job.results() arguments and you should get the whole thing!
for result in results.ResultsReader(job.results(count=0)):
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
