Splunk Search

I am trying to run CLI searches and output them to a file, but it's only giving 100 results.

jsuryaprakash
Path Finder

Hello Everyone,

I am trying to run the below query every day at 6 AM through the CLI and output the result to a new text file. But it's returning only 100 results. I also tried maxout, but it's not working and gives me an error; I might be missing something here. Can someone help me get unlimited results for the query below?

/opt/splunk/bin/splunk search 'index =main sourcetype=employee_data_hcprd earliest=-24h@h latest=now |search HR_STATUS="I" | table EMPLID' > /opt/jobdata.txt

Thanks.
Surya


jowenssi
Path Finder

The new query would be:

/opt/splunk/bin/splunk search "index =main sourcetype=employee_data_hcprd earliest=-24h@h latest=now |search HR_STATUS=\"I\" | table EMPLID"  -maxout 0 > /opt/jobdata.txt

Ayn
Legend

You need the -maxout switch. By default the CLI will only output 100 results, but by using this switch you change that. Set it to 0 if you want to output unlimited results.

https://docs.splunk.com/Documentation/Splunk/7.1.0/Search/ExportdatausingCLI
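As an added example (not code from the thread or from Splunk), here is a wrapper a 6 AM cron job could run: it passes -maxout 0 to jowenssi's corrected command as Ayn describes, and then checks the output file, since exactly 100 rows is the signature of the default cap still applying. SPLUNK_BIN, OUT_DIR, SPLUNK_AUTH and the /opt/export.sh path are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread or from Splunk: nightly export wrapper
# that passes -maxout 0 (no 100-result cap) and sanity-checks the output file.
# Assumed placeholders: SPLUNK_BIN, OUT_DIR, and SPLUNK_AUTH as user:password.
SPLUNK_BIN="${SPLUNK_BIN:-/opt/splunk/bin/splunk}"
OUT_DIR="${OUT_DIR:-/opt}"

# The SPL from the question. Outer single quotes, so the inner "I" needs no escaping.
SPL='index=main sourcetype=employee_data_hcprd earliest=-24h@h latest=now | search HR_STATUS="I" | table EMPLID'

# Count result rows (lines minus the CSV header). Fail on an empty export, or on
# exactly 100 rows, which is the signature of the default CLI cap still applying.
check_export() {
    rows=$(( $(wc -l < "$1") - 1 ))
    [ "$rows" -lt 0 ] && rows=0
    if [ "$rows" -eq 0 ]; then
        echo "no results written to $1" >&2
        return 1
    elif [ "$rows" -eq 100 ]; then
        echo "exactly 100 rows in $1: was -maxout 0 passed?" >&2
        return 1
    fi
    echo "$rows rows written to $1"
}

# Run the search once, writing one dated file per day, then check it.
run_export() {
    out="$OUT_DIR/jobdata-$(date +%Y-%m-%d).txt"
    # -maxout 0 removes the result cap; -output csv gives a header line plus one row per event
    "$SPLUNK_BIN" search "$SPL" -maxout 0 -output csv \
        -auth "${SPLUNK_AUTH:?set SPLUNK_AUTH=user:password}" > "$out" || return 1
    check_export "$out"
}

# Only runs when invoked as "export.sh run"; crontab entry for 6 AM: 0 6 * * * /opt/export.sh run
if [ "${1:-}" = "run" ]; then
    run_export
fi
```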

jsuryaprakash
Path Finder

Hi Ayn,

I tried it, but it's still returning 100 results. Can you modify my above query to show where exactly to add the -maxout switch?


jsuryaprakash
Path Finder

Thanks, got it working.

