Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Splunk-Python (requests.get) outputs only first 10...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I wrote the below python code, which is giving me only first 100 events.
I checked online docs, i saw "count = 0" as a solution, to get all results, but that option only works for Splunk SDK (splunklib.client.service)
I am using python's requests library.
Need help in looping/pagination of all the results of this search id (%sid)
import requests
import json
url = base_url + "/services/search/jobs/%s/results" % sid
headers = {
"content-type": "application/x-www-form-urlencoded",
"Authorization": "Splunk %s" % sessionkey
}
payload = {
"output_mode": "json"
}
res = requests.get(url, headers=headers, params=payload, verify = False)
result = json.loads(res.text)["results"]
print("length is %s" % len(result)) =================> Output here is 100
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As soon as i posted this question, i found the answer.
Its indeed count = 0 the answer, as highlighted below.
Been struggling with this for 2 days. But answer is so simple.
url = base_url + "/services/search/jobs/%s/results" % sid
headers = {
"content-type": "application/x-www-form-urlencoded",
"Authorization": "Splunk %s" % sessionkey
}
payload = {
"output_mode": "json",
"count": 0
}
res = requests.get(url, headers=headers, params=payload, verify = False)
result = json.loads(res.text)["results"]
print("length is %s" % len(result))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As soon as i posted this question, i found the answer.
Its indeed count = 0 the answer, as highlighted below.
Been struggling with this for 2 days. But answer is so simple.
url = base_url + "/services/search/jobs/%s/results" % sid
headers = {
"content-type": "application/x-www-form-urlencoded",
"Authorization": "Splunk %s" % sessionkey
}
payload = {
"output_mode": "json",
"count": 0
}
res = requests.get(url, headers=headers, params=payload, verify = False)
result = json.loads(res.text)["results"]
print("length is %s" % len(result))
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
