Enforce arrays for multi-values in Splunk searches

The Splunk SDK for Python returns a string instead of an array for multi-values that have only one entry. To enforce arrays, you can use the following workaround:

December 20, 2021 · 1 min · admin

More than 100 results using the search-job API in Splunk

If you’re using the @splunk/search-job API and want to return more than the default 100 results, you’ll have to pass count to the getResults function, e.g.: new SearchJob.create({ search: myQuery, }).getResults({ count: 500 });

December 14, 2021 · 1 min · admin

Mapping types using the Splunk search-job API

If you’re using the @splunk/search-job API, you might find it annoying that the properties of the returned objects are all of type string. To fix this, I wrote a little type mapper (the unit test shows how to use it):

December 9, 2021 · 1 min · admin

Connect a datasource to a Splunk visualization

How to programmatically connect a search datasource to a Splunk visualization (without using the dashboard):

November 24, 2021 · 1 min · admin