I'm using Splunk's Java SDK to get Splunk events, and the problem I'm facing is that Splunk only returns a maximum of 100 events, even if the search originally contains more than 100 events. How can I get all the events instead of just the 100 latest ones ?
I'm calling a one-shot search like this:
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername(USERNAME_HERE);
loginArgs.setPassword(PASSWORD_HERE);
loginArgs.setHost(HOSTURL_HERE);
loginArgs.setPort(PORT_HERE);
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
Service service = Service.connect(loginArgs);
String searchQuery_normal = SEARCH_STRING_HERE;
JobArgs jobargs = new JobArgs();
jobargs.setExecutionMode(JobArgs.ExecutionMode.BLOCKING);
Job job = service.getJobs().create(searchQuery_normal, jobargs);
//job only contains 100 events maximum
Doing an online search revealed that doing this before calling the search might help, but it doesn't -- I still get only 100 of the newest events, not all:
jobArgs.setAutoFinalizeEventCount(0);
↧