Hi in our application we run searches in the following ways. And we suspect some discrepancy when using splunk.search.dispatch

1. Enter the query in the search page and run it. Here the search query runs fully and returns more than 50,000 events.

2. Run Scheduled Saved Searches using savedsearches.conf which collects data into another index. Here also the query runs fully and inserts all events into the index.

3. Running search in python using splunk.saved.dispatchSavedSearch The query runs fine and the events are collected to index without gettting truncated.

4. Running search in python using splunk.search.dispatch and save the results csv as string. Here when the results are more than 50,000 or something it gets truncated. I am not sure about the count though but definitely there is some discrepancy in the search results.

What can go wrong with splunk.search.dispatch ?