Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a truncation limit when running a search using splunk.search.dispatch?

immortalraghava
Path Finder
‎01-19-2015 09:50 AM

Hi in our application we run searches in the following ways. And we suspect some discrepancy when using splunk.search.dispatch

  1. Enter the query in the search page and run it. Here the search query runs fully and returns more than 50,000 events.

  2. Run Scheduled Saved Searches using savedsearches.conf which collects data into another index. Here also the query runs fully and inserts all events into the index.

  3. Running search in python using splunk.saved.dispatchSavedSearch The query runs fine and the events are collected to index without gettting truncated.

  4. Running search in python using splunk.search.dispatch and save the results csv as string. Here when the results are more than 50,000 or something it gets truncated. I am not sure about the count though but definitely there is some discrepancy in the search results.

What can go wrong with splunk.search.dispatch ?

Reply
1 Solution
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top