Re: How to retrieve more than 100 record in search...

chrismok · ‎10-18-2014

Currently, the dashboard is build in HTML dashboard with javascript, but I found that the searchmanager is only return not more than 100 rows in js. May I know how to control the return no.

 var r = searchmanager1.data('results');
 searchmanager1.on('search:done', function(state,job) {

    console.log('total:' + state.content.resultCount); //Return 270 or more

});

r.on('data', function(results) {
        console.log('length:' + r.data().rows.length); // Only return 100
    });

AndrewEvelopers · ‎11-09-2014

Uh I've found it on some github code:

searchManager.data('results', {count: 0, output_mode: 'json'}).on('data', parseData);

bhawkins1 · ‎01-17-2017

In my case I had to use 'json_rows', like so:

searchManager.data('results', {count: 0, output_mode: 'json_rows'}).on('data', parseData);

akath_splunk · ‎08-27-2016

Thank you! This answer saved me a lot of time 🙂

sibrahim · ‎08-10-2015

I signed in just so I could say thank you, you have saved me a whole lot of stress.

AndrewEvelopers · ‎11-09-2014

Same problem. No ideas?

How to retrieve more than 100 record in searchmanager

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...