Solved: Eventtypes' numbers limits

nik_splunk · ‎04-16-2010

Good Morning all,

Anybody knows if exists a limit regarding the amount of eventtype I could set into splunk? I already started to create eventtypes and corresponding tags for a Splunk's installation over a very large IT enviroment (also multiplatform), assuming there are no restriction. In case of limitations...is there a workaround to get my goal?

Thanks in advance for your time.

Nik

gkanapathy · ‎04-16-2010

There is no hard limit, but it is probably a bad idea to have more than a few hundred as it will impact search speed. You might consider using lookup tables on data instead. These should scale to several hundred thousand or a few million entries without any trouble.

View solution in original post

gkanapathy · ‎04-16-2010

There is no hard limit, but it is probably a bad idea to have more than a few hundred as it will impact search speed. You might consider using lookup tables on data instead. These should scale to several hundred thousand or a few million entries without any trouble.

nik_splunk · ‎04-17-2010

Thank you gkanapathy, for your support and you precious suggestion. Have a good time!

nik

harshsarode1234 · ‎06-13-2016

how to get only 100 recent event logs.Thanks in advance.

Eventtypes' numbers limits

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation