How do I evade the limit of 100 entries in python splunk query

廉价感情. Submitted on 2019-12-10 14:43:35

Question


When executing a query via the splunk SDK, apparently the results are clipped after 100 entries. How to get around this limit?

I tried:

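    import time
    import splunklib.results as results

    # service is a connected splunklib.client.Service; qstring is the search string
    job = service.jobs.create(qstring, max_count=0, max_time=0, count=10000)
    while not job.is_ready():
        time.sleep(1)
    # job.results() is called here without a count argument
    out = list(results.ResultsReader(job.results()))
    print(len(out))
100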

but the same query in the splunk web interface produces over 100 lines of results.


Answer 1:


Try job.results(count=0). count=0 means no limit.
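An added example, not part of the original answers: the `count` parameter from the answer above combined with `offset` to page through a finished job, so no single response has to carry the whole result set and a truncated export is not mistaken for a complete one. `fetch_all_results` and `FakeJob` are hypothetical names; `FakeJob` is a constructed stand-in so the block runs offline, and `output_mode="json"` is used so the standard `json` module can parse each page.

```python
import io
import json


def fetch_all_results(job, page_size=1000):
    """Collect every result row of a finished job by paging with count/offset."""
    rows, offset = [], 0
    while True:
        # count, offset and output_mode are passed through to the results endpoint.
        stream = job.results(count=page_size, offset=offset, output_mode="json")
        raw = stream.read()
        page = json.loads(raw).get("results", []) if raw.strip() else []
        # Stop on an empty page, not a short one: the server may return
        # fewer rows than requested without the result set being exhausted.
        if not page:
            break
        rows.extend(page)
        offset += len(page)
    return rows


class FakeJob:
    """Constructed stand-in for a finished splunklib job (sample data only)."""

    def __init__(self, total=250):
        self._rows = [{"_serial": str(i)} for i in range(total)]

    def results(self, count=100, offset=0, output_mode="json"):
        # Mirrors the question: 100 rows unless count is given; count=0 is no limit.
        end = None if count == 0 else offset + count
        body = json.dumps({"results": self._rows[offset:end]})
        return io.BytesIO(body.encode("utf-8"))


if __name__ == "__main__":
    job = FakeJob(250)
    print(len(json.loads(job.results().read())["results"]))  # clipped default
    print(len(fetch_all_results(job, page_size=100)))        # every row
```

With a real connection, pass the `job` object returned by `service.jobs.create(...)` once it has finished.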




Answer 2:


Here is a hack which appears to work (but this is surely not the right way to do this):

In splunklib.binding, in HttpLib.get and HttpLib.post, add the following line to the beginning of each method:

kwargs['count'] = 100000


Source: https://stackoverflow.com/questions/27492425/how-do-i-evade-the-limit-of-100-entries-in-python-splunk-query
