python 2.7 - Splunk query returns fewer results than expected -
i using command top 200 results splunk on my_field:
q = "search index=idx host=nets* mydomain.com | top limit=200 my_field"
when run in splunk, gives me 200 results. however, when run using splunk python sdk, 100 results.
service = client.connect(host=host, username=user, password=pass) extra_args = {"earliest_time": "-1h", "latest_time": "now"} q = "search index=idx host=nets* mydomain.com | top limit=200 my_field" res = service.jobs.oneshot(q, **extra_args) reader = results.resultsreader(res) top_jobs = [] row in reader: top_jobs.append(row['my_field']) print len(top_jobs) # returns 100, or number less 100 specified in query.
is there other way specify number of results?
Comments
Post a Comment