Solved: Eventtypes' numbers limits

nik_splunk · ‎04-16-2010

Good Morning all,

Anybody knows if exists a limit regarding the amount of eventtype I could set into splunk? I already started to create eventtypes and corresponding tags for a Splunk's installation over a very large IT enviroment (also multiplatform), assuming there are no restriction. In case of limitations...is there a workaround to get my goal?

Thanks in advance for your time.

Nik

gkanapathy · ‎04-16-2010

There is no hard limit, but it is probably a bad idea to have more than a few hundred as it will impact search speed. You might consider using lookup tables on data instead. These should scale to several hundred thousand or a few million entries without any trouble.

View solution in original post

gkanapathy · ‎04-16-2010

There is no hard limit, but it is probably a bad idea to have more than a few hundred as it will impact search speed. You might consider using lookup tables on data instead. These should scale to several hundred thousand or a few million entries without any trouble.

nik_splunk · ‎04-17-2010

Thank you gkanapathy, for your support and you precious suggestion. Have a good time!

nik

harshsarode1234 · ‎06-13-2016

how to get only 100 recent event logs.Thanks in advance.

Eventtypes' numbers limits

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann