Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Splunk Integration is fetching only 50 records

Go to solution
smithamg
Regular Contributor
Regular Contributor

‎03/02/2023 02:30 AM

Hi Team,
 
We have integrated the Splunk add on following the steps provided in 
 
Also, created a runtime analytics and user as mentioned in 
 
We are now getting logs in Splunk but only 50 records every time even though report has 200+ records.
 
Kindly help us to resolve this issue.
 
Thanks,
Smitha
Labels:
0 Kudos
9 REPLIES 9

Go to solution
Darshanjain
Saviynt Employee
Saviynt Employee

‎03/03/2023 12:52 AM

Hi @smithamg 

You can use the max=500 in the url to get more results,

If you need more than 500 results in one page, there is a config table where that value is stored you can keep it till 10000 and call the url with max=10000, then you would be able to get all the results.

As you said you are looking only for 200+, you can directly pass this in the url &max=500 should get you the result.

Ws_max_records_returned

0 Kudos

Go to solution
smithamg
Regular Contributor
Regular Contributor
In response to Darshanjain

‎03/03/2023 01:21 AM

Hi @Darshanjain

Thanks for your response. 

I am little confused when you say to use max=500 in URL. Below is our saviynt add on config in Splunk

smithamg_2-1677834962989.png

Which URL you are referring to?

Thanks,
Smitha

0 Kudos

Go to solution
Darshanjain
Saviynt Employee
Saviynt Employee
In response to smithamg

‎03/03/2023 01:23 AM

In the Runtime analytics of saviynt URL

0 Kudos

Go to solution
smithamg
Regular Contributor
Regular Contributor
In response to Darshanjain

‎03/03/2023 01:30 AM

Can you please provide any sample URL..

We are not making API call directly to fetch the report. We are using Splunk add on downloaded from
Splunk Integration Guide : Customer Portal (freshdesk.com)

0 Kudos

Go to solution
Darshanjain
Saviynt Employee
Saviynt Employee
In response to smithamg

‎03/03/2023 05:39 AM

Hi @smithamg 

I have checked and could see that the current add on file doesn't automatically calculate offset value , so the records are not being fetched,  So we have created a new add on file which is already at the edge of testing phase which will internally calculate the offset value and provide all the records. ( by next week the new add on file will be available )

You can check the documentation in next week to get the latest add on file.

 

Thanks

Darshan 

Go to solution
Falcon
Saviynt Employee
Saviynt Employee
In response to smithamg

‎03/09/2023 04:35 AM

Smitha,

We are in the middle of publishing the new add-on that supports pagination on Splunkbase as well as our documentation portal in next few days. In the meanwhile you can use this link to download https://drive.google.com/file/d/1IT-dcs2wKuSTu_RwkSkgDAVDKUUlFBch/view?usp=share_link. Also attached the add-on here

TA-saviyntevents-1.0.0-11.spl.zip

Go to solution
smithamg
Regular Contributor
Regular Contributor

‎03/14/2023 02:19 AM

It worked. Thanks for the updated add-on.

0 Kudos

Go to solution
smithamg
Regular Contributor
Regular Contributor

‎04/04/2023 01:13 AM

@Falcon @Darshanjain is there any limit on the number of records that returned by report. We have a report with 60K+ records, does Splunk add on capable of handling this?

0 Kudos

Go to solution
Darshanjain
Saviynt Employee
Saviynt Employee
In response to smithamg

‎04/04/2023 01:39 AM

Hi @smithamg 

Yes it should be able to handle as it is using pagination concept ( offset to fetch all records ).

 

Thanks

Darshan

0 Kudos
Copyright © 2024 Khoros, LLC