diff --git a/splunk_core/splunk_full.py b/splunk_core/splunk_full.py index b32f99a..6c29ba0 100644 --- a/splunk_core/splunk_full.py +++ b/splunk_core/splunk_full.py @@ -26,7 +26,7 @@ class Splunk(Integration): # These are the variables in the opts dict that allowed to be set by the user. # These are specific to this custom integration and are joined with the # base_allowed_set_opts from the integration base - custom_allowed_set_opts = ["splunk_conn_default", "splunk_default_earliest_time", "splunk_default_latest_time", "splunk_parse_times", "splunk_autologin"] + custom_allowed_set_opts = ["splunk_conn_default", "splunk_default_earliest_time", "splunk_default_latest_time", "splunk_parse_times", "splunk_autologin", "splunk_results_count_size"] myopts = {} myopts["splunk_conn_default"] = ["default", "Default instance to connect with"] @@ -34,6 +34,7 @@ class Splunk(Integration): myopts["splunk_default_latest_time"] = ["now", "The default latest time sent to the Splunk server"] myopts["splunk_parse_times"] = [1, "If this is 1, it will parse your query for earliest or latest and get the value. It will not alter the query, but update the default earliest/latest for subqueries"] myopts["splunk_autologin"] = [True, "Works with the the autologin setting on connect"] + myopts["splunk_results_count_size"] = [0, "Changing this value from its default - which is not recommended - will limit the number of results that the results reader displays. It does **NOT** limit the number of results in your query (you must set that limit in your Splunk query)"] # Class Init function - Obtain a reference to the get_ipython() def __init__(self, shell, debug=False, *args, **kwargs): @@ -211,7 +212,7 @@ def customQuery(self, query, instance, reconnect=True): sleep(1) if search_job.results is not None: - dataframe = pd.read_csv(search_job.results(output_mode="csv", count=0)) + dataframe = pd.read_csv(search_job.results(output_mode="csv", count=self.opts["splunk_results_count_size"][0])) str_err = "Success" else: dataframe = None