Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Is there a truncation limit when running a search ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
immortalraghava
Path Finder
01-19-2015
09:50 AM
Hi in our application we run searches in the following ways. And we suspect some discrepancy when using splunk.search.dispatch
Enter the query in the search page and run it. Here the search query runs fully and returns more than 50,000 events.
Run Scheduled Saved Searches using savedsearches.conf which collects data into another index. Here also the query runs fully and inserts all events into the index.
Running search in python using
splunk.saved.dispatchSavedSearchThe query runs fine and the events are collected to index without gettting truncated.Running search in python using
splunk.search.dispatchand save the results csv as string. Here when the results are more than 50,000 or something it gets truncated. I am not sure about the count though but definitely there is some discrepancy in the search results.
What can go wrong with splunk.search.dispatch ?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
strive
Influencer
01-20-2015
04:58 AM
The REST API has limitation in sending the search results...
Refer these links for more details and sample implementation
http://answers.splunk.com/answers/52782/100-result-limit-in-js-sdk.html
http://dev.splunk.com/view/python-sdk/SP-CAAAEK2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
strive
Influencer
01-20-2015
04:58 AM
The REST API has limitation in sending the search results...
Refer these links for more details and sample implementation
http://answers.splunk.com/answers/52782/100-result-limit-in-js-sdk.html
http://dev.splunk.com/view/python-sdk/SP-CAAAEK2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
strive
Influencer
01-20-2015
04:59 AM
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
