All Apps and Add-ons

Custom Add-on Event Count Limitation

masonwillinger
Explorer

I have created a custom add-on using the Splunk Add-on Builder app, which is running in an on-premise instance of Splunk Enterprise. The add-on utilizes a few REST API data input configurations that make calls to another vendor's product and pulls back specific data we're interested in. When I test the input inside the test pane of the add-on builder, it returns all expected events. I can also test the same REST API call outside of Splunk and it similarly returns all expected events.

When I package and upload the add-on to our Splunk Cloud instance, however, the same data input only pulls back 60 events instead of the full amount (~250). Other data inputs within the add-on that are hitting the same REST API are able to pull back more than 60 events, so the limitation appears to be exclusive to this one data input, which again, does not have the same limit when run in the add-on builder or outside of Splunk entirely. Does anyone know why there would be a difference in behavior when run in our Cloud environment or where I might be able to find logs to help me answer that question?

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...