Skip to content Skip to sidebar Skip to footer
Home / Python / Splunk

How Do I Evade The Limit Of 100 Entries In Python Splunk Query

Post a Comment
When executing a query via the splunk SDK, apparently the results are clipped after 100 entries. How to get around this limit? I tried: >job = service.jobs.create(qstring,max_co

Solution 1:

Try job.results(count=0) count=0 means no limit.


Solution 2:

Here is a hack which appears to work (but this is surely not the right way to do this):

in splunklib.binding

HttpLib.get and HttpLib.post, add the following line to the beginning of each method:

kwargs['count'] = 100000

Post a Comment for "How Do I Evade The Limit Of 100 Entries In Python Splunk Query"