Skip to content

Add option for results count size #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add option for results count size #8

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a3a85da
changed to batch processing
robd518 Dec 5, 2023
d764223
added option for result count size
robd518 Dec 5, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions splunk_core/splunk_full.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,15 @@ class Splunk(Integration):
# These are the variables in the opts dict that allowed to be set by the user.
# These are specific to this custom integration and are joined with the
# base_allowed_set_opts from the integration base
custom_allowed_set_opts = ["splunk_conn_default", "splunk_default_earliest_time", "splunk_default_latest_time", "splunk_parse_times", "splunk_autologin"]
custom_allowed_set_opts = ["splunk_conn_default", "splunk_default_earliest_time", "splunk_default_latest_time", "splunk_parse_times", "splunk_autologin", "splunk_results_count_size"]

myopts = {}
myopts["splunk_conn_default"] = ["default", "Default instance to connect with"]
myopts["splunk_default_earliest_time"] = ["-15m", "The default earliest time sent to the Splunk server"]
myopts["splunk_default_latest_time"] = ["now", "The default latest time sent to the Splunk server"]
myopts["splunk_parse_times"] = [1, "If this is 1, it will parse your query for earliest or latest and get the value. It will not alter the query, but update the default earliest/latest for subqueries"]
myopts["splunk_autologin"] = [True, "Works with the the autologin setting on connect"]
myopts["splunk_results_count_size"] = [0, "Changing this value from its default - which is not recommended - will limit the number of results that the results reader displays. It does **NOT** limit the number of results in your query (you must set that limit in your Splunk query)"]

# Class Init function - Obtain a reference to the get_ipython()
def __init__(self, shell, debug=False, *args, **kwargs):
Expand Down Expand Up @@ -211,7 +212,7 @@ def customQuery(self, query, instance, reconnect=True):
sleep(1)

if search_job.results is not None:
dataframe = pd.read_csv(search_job.results(output_mode="csv", count=0))
dataframe = pd.read_csv(search_job.results(output_mode="csv", count=self.opts["splunk_results_count_size"][0]))
str_err = "Success"
else:
dataframe = None
Expand Down