I am having a problem getting my saved_search to return all the results. I have the code snippet below:
saved_search = service.saved_searches["saved search name"]
job = saved_search.dispatch(:count=>0)
while !job.is_done?()
sleep(1)
end
stream = job.results(:count => 0)
results = Splunk::ResultsReader.new(stream)
count = 0
results.each do |result|
count += 1
end
This will end up having count = 100 which is not the right number. However, when I run THIS code:
stream = service.create_oneshot("full query written out", :count => 0)
results = Splunk::ResultsReader.new(stream)
count = 0
results.each do |result|
count += 1
end
I get a count = 538, which is the right answer. Clearly I am not telling the saved_search to give me back ALL the results, but I am not sure what I am doing wrong. I don't want to use the one_shot method because I would then have to keep the search query up to date in two separate places. I am new to ruby, so I could very well be making a dumb mistake somewhere.
Congratulations, you've found a bug in the SDK! Your code is fine, though you only need the :count=>0 on the call to results, not to dispatch.
We'll get a bugfix release out, but for the moment you can install the SDK from the develop branch of the GitHub repository and your code should work.
Congratulations, you've found a bug in the SDK! Your code is fine, though you only need the :count=>0 on the call to results, not to dispatch.
We'll get a bugfix release out, but for the moment you can install the SDK from the develop branch of the GitHub repository and your code should work.