Splunk Search

Is there a truncation limit when running a search using splunk.search.dispatch?

immortalraghava
Path Finder

Hi in our application we run searches in the following ways. And we suspect some discrepancy when using splunk.search.dispatch

  1. Enter the query in the search page and run it. Here the search query runs fully and returns more than 50,000 events.

  2. Run Scheduled Saved Searches using savedsearches.conf which collects data into another index. Here also the query runs fully and inserts all events into the index.

  3. Running search in python using splunk.saved.dispatchSavedSearch The query runs fine and the events are collected to index without gettting truncated.

  4. Running search in python using splunk.search.dispatch and save the results csv as string. Here when the results are more than 50,000 or something it gets truncated. I am not sure about the count though but definitely there is some discrepancy in the search results.

What can go wrong with splunk.search.dispatch ?

1 Solution
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...