We have been told by support to add:

maxinputs="$action.email.maxresults{default=10000}$"

To the alert_inputs.conf file, however this does not make it work.

Anyone else get this to work? At this point I have been told this won't be fixed until the next version (we are currently running 4.1.5) but need it to work NOW. If I run this query at the command line and pipe the output to a file will it give me the same limitation?

This is caused by a typo in the default alert_actions.conf, and will be fixed in the next release. For an immediate fix, add this to etc/system/local/alert_actions.conf:

[email]
command =  $action.email.preprocess_results{default=""}$ | sendemail "to=$action.email.to$" "server=$action.email.mailserver{default=localhost}$" "from=$action.email.from{default=splunk@localhost}$" "subject=$action.email.subject{recurse=yes}$" "format=$action.email.format{default=csv}$" "sssummary=Saved Search [$name$]: $counttype$($results.count$)" "sslink=$results.url$" "ssquery=$search$" "ssname=$name$" "inline=$action.email.inline{default=False}$" "sendresults=$action.email.sendresults{default=False}$" "sendpdf=$action.email.sendpdf{default=False}$" "pdfview=$action.email.pdfview$" "searchid=$search_id$" "graceful=$graceful{default=True}$" maxinputs="$action.email.maxresults{default=1000}$" maxtime="$action.email.maxtime{default=5m}$"

I modified to set the problem has not been changed

There is a setting that dictates the maximum number of results that will be sent with any alert. This is the maxresults parameter that resides in the alert_actions.conf file. By default this is set to 100. For reference, you could set it to 2000 by adding this line to a $SPLUNK_HOME/etc/system/local/alert_actions.conf file:

maxresults=2000

http://www.splunk.com/base/Documentation/latest/Admin/Alertactionsconf