Solved: Eventtypes' numbers limits

nik_splunk · ‎04-16-2010

Good Morning all,

Anybody knows if exists a limit regarding the amount of eventtype I could set into splunk? I already started to create eventtypes and corresponding tags for a Splunk's installation over a very large IT enviroment (also multiplatform), assuming there are no restriction. In case of limitations...is there a workaround to get my goal?

Thanks in advance for your time.

Nik

gkanapathy · ‎04-16-2010

There is no hard limit, but it is probably a bad idea to have more than a few hundred as it will impact search speed. You might consider using lookup tables on data instead. These should scale to several hundred thousand or a few million entries without any trouble.

View solution in original post

gkanapathy · ‎04-16-2010

There is no hard limit, but it is probably a bad idea to have more than a few hundred as it will impact search speed. You might consider using lookup tables on data instead. These should scale to several hundred thousand or a few million entries without any trouble.

nik_splunk · ‎04-17-2010

Thank you gkanapathy, for your support and you precious suggestion. Have a good time!

nik

harshsarode1234 · ‎06-13-2016

how to get only 100 recent event logs.Thanks in advance.

Eventtypes' numbers limits

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms