使用splunk SDK:
kwargs_normalsearch = {"exec_mode": "normal"}
job = service.jobs.create(
QUERY_,
**kwargs_normalsearch
)
while not job.is_done():
print "."
print "is done: " + str(job.is_done())
print "scanCount: " + str(job["scanCount"])
print "eventCount: " + str(job["eventCount"])
print "resultCount: " + str(job["resultCount"])
此处的结果计数符合预期:877
但是,以下仅显示100元素
results = job.results()
print "are results empty? " + str(results.empty)
reader = splunk_results.ResultsReader(results)
print "Results are a preview: %s" % reader.is_preview
for item in reader:
print item
此处reader.is_preview为None
如何在循环中访问所有项目? 尝试没有成功:
results = job.disable_preview()