I am exactly doing the same as below.. Running the same query manually I get 5 Million as Total count but running through the below code returns only 4 Million as Total count.
import splunklib.results as results
kwargs_oneshot = {"earliest_time": "2014-06-19T12:00:00.000-07:00",
"latest_time": "2014-06-20T12:00:00.000-07:00"}
searchquery_oneshot = "index=SearcherIndex NOT "health" | stats count"
oneshotsearch_results = service.jobs.oneshot(searchquery_oneshot, **kwargs_oneshot)
Get the results and display them using the ResultsReader
reader = results.ResultsReader(oneshotsearch_results)
for item in reader:
print(item)
... View more