Splunk Search

Feels like "return" command should support argument of 0 (all). Thoughts?


When performing subsearches using the return command, I am often disgusted with myself for employing a not-future-proof strategy of hard-coding an arbitrarily high count of count of records (say 9999) to return to my primary command.

Does anyone else sense a logical break in use of the return command in this regard?

Can you think of any cons to adding an option to return 0 (all) results?

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...