Archive

Report not exporting all events

Communicator

When search query for report is run in Splunk, it shows 15000 events for last 7 days (example 4/14-4/21) but when I export results in csv, it exports events only for 4/21.
I have reset dispatch.max_count to 0 but still it doesn't retrieve all events in csv when report runs.

Tags (1)
0 Karma

Influencer

Go to Settings >> Searches, Reports, and Alerts.

Find and click on report name and check Earliest time and Latest time. Set these if not set directly the query.

0 Karma

Communicator

I tried but still not all events are exported in csv

0 Karma

Influencer

How are you exporting? Is it some alert action?

0 Karma