In your implementation, if dosearchjob method internally uses splunk.search.dispatch..
add maxEvents=30000000 to your **kwargs ..
i.e, splunk.search.dispatch(searchquery,sessionKey=sessionkey,hostPath=baseurl,earliestTime=earliestTime,latestTime=latestTime,maxEvents=30000000)
and use the below implementation
searchjob = dosearchjob(quey)
resultCount = searchjob.resultCount
offsetValue = 0
searchresults = ""
while offsetValue < resultCount:
searchresults = searchresults + str(searchjob.getFeed(mode='results', outputMode='csv',count=49999,offset=offsetValue))
offsetValue = offsetValue + 49999
Use whatever outputMode you want 🙂
... View more