×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
bdhin
New Member
Member since: ‎06-03-2019
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-03-2019
Activity Feed
View All

Re: search returns only 50000 events

by in Splunk Dev
‎06-06-2019 02:13 AM
‎06-06-2019 02:13 AM
Try below query (change query , time range , IP based on your requirement) and you need to download Splunk Python SDK to run this script import sys import getpass import json sys.path.append('splunk-sdk-python-1.6.4') import splunklib.client as client import splunklib.results as results splunkUser = raw_input("Enter Splunk Username: ") splunkPassword = getpass.getpass("Enter Splunk Password: ") splunkService = client.connect(host='<IP>', port=8089, username=splunkUser, password=splunkPassword, verify=0) kwargs_export = {"earliest_time": "-15m", "latest_time": "now", "search_mode": "normal"} job = splunkService.jobs.export("search index=_internal | stats count by host,sourcetype", **kwargs_export) rr = results.ResultsReader(job) f = open('results.txt', 'w') for result in rr: if isinstance(result, dict): a = json.dumps(dict(result)) f.write(a) assert rr.is_preview == False f.close() ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM