I'm using an API call to retrieve the results of the job: search/jobs/{search_id}/results.
I'm running the following command:
curl -u admin:password -k "https://<HOST>/rest/services/search/jobs/<JOB_NUMBER>/results?count=1&output_mode=json"
But no matter what I put for the count param (0, 1, "asadafa", etc.), I get 100 events (which is the default value).
Can there be some Splunk server configuration which makes the count parameter ignored? When I run the query on another Splunk instance it works as expected.
Splunk version: 6.6.6
The server which I'm trying to connect to has an endpoint https://<HOST>/rest, which probably redirects to the Splunk management API port.
Can't you connect directly to the Splunk management port instead of redirecting from https://<HOST>/rest?
I am using the below command on Splunk 7.1.2 and it is returning all values (I have more than 3K events in results and all are returning in JSON):
curl -k -u admin:password "https://<SPLUNK_SERVER>:8089/services/search/jobs/<JOB_ID>/results?count=0&output_mode=json"
Hi @kleszczynski,
Can you try the max_count option while creating the search (not while getting the result)?
Hi @kleszczynski, Can you try adding count and output_mode=json into the data option in curl?
Do you mean -d count=1 -d output_mode=json? I've already tried it - the issue remains the same.