Executive overview: We're using Splunk Cloud (Victoria Experience), and we're in the process of spinning up a new instance for FedRAMP purposes.
One thing I'm trying to do is streamline migrating some of our custom sourcetypes from the existing environment to the new one. I'm able to perform a search via the console that returns a record containing all the details of a given sourcetype (this particular sourcetype has a few dozen EVAL-*, FIELDALIAS-*, and LOOKUP-* settings, so it's a pretty complex one):
| rest /services/configs/conf-props | search title="sfdc:logfile"
If I try the above search via a POST to /services/search/v2/jobs/export (or the /servicesNS equivalent with either - wildcards or an explicit user & app) I don't get any of those EVAL-* etc. settings. The authentication token I'm using for the search was created by an admin user, and I've tried using that same admin user on the /servicesNS requests. Why am I only getting partial results via the API?
Turns out this was user error due to not parsing the results properly.
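For reference, an added example (not code from the thread) of parsing the export endpoint's output for the search above and pulling out the EVAL-*, FIELDALIAS-* and LOOKUP-* settings. It assumes the request was made with output_mode=json, where the response is one JSON object per line with the row under "result"; the sample response, field values and function names are constructed for illustration.

```python
import json

# Constructed sample of a /services/search/v2/jobs/export response body
# (assumed output_mode=json: one JSON object per line, row under "result").
SAMPLE_EXPORT = "\n".join([
    '{"preview":true,"offset":0,"result":{"title":"sfdc:logfile"}}',
    '{"preview":false,"offset":0,"lastrow":true,"result":{"title":"sfdc:logfile",'
    '"eai:acl.app":"search","EVAL-user":"coalesce(USER_ID, \\"unknown\\")",'
    '"FIELDALIAS-src":"CLIENT_IP AS src",'
    '"LOOKUP-users":"sfdc_users USER_ID OUTPUT USER_NAME","TIME_FORMAT":""}}',
])

PREFIXES = ("EVAL-", "FIELDALIAS-", "LOOKUP-")


def parse_export(body):
    """Return the final (non-preview) result rows from a streamed export body."""
    rows = []
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        obj = json.loads(line)  # each line is its own JSON document
        # Skip preview rows and status-only messages that carry no result.
        if obj.get("preview") or "result" not in obj:
            continue
        rows.append(obj["result"])
    return rows


def class_settings(row):
    """Keep only the EVAL-*/FIELDALIAS-*/LOOKUP-* keys of a conf-props row."""
    return {k: v for k, v in row.items() if k.startswith(PREFIXES)}


def to_stanza(row):
    """Render the row as a props.conf-style stanza for review before migration."""
    lines = ["[%s]" % row["title"]]
    for key, value in sorted(class_settings(row).items()):
        lines.append("%s = %s" % (key, value))
    return "\n".join(lines)


if __name__ == "__main__":
    for r in parse_export(SAMPLE_EXPORT):
        print(to_stanza(r))
```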