Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Performance impact on using max_rawsize_perchunk in limits.conf

priyg96
New Member
‎04-15-2019 10:45 PM

Hi everyone,
I am indexing 3000 large JSON events at a time in Splunk, but when I hit the Splunk query, it gives me below error:
"Events may not be returned in sub-second order due to search memory limits configured in limits.conf".

To resolve this issue, I added max_rawsize_perchunk = 400000000 in my /local/limits.conf as given in the below link:
https://answers.splunk.com/answers/90576/what-does-events-may-not-be-returned-in-sub-second-order-du...

But the query is giving a very slow performance and dashboards are taking a long time to load the data. Are there any parameters which I can use to increase the dashboard performance? Or is there any alternative of max_rawsize_perchunk since it is reducing the dashboard performance to a great extent?

Thanks

0 Karma
Reply

woodcock
Esteemed Legend
‎05-04-2019 01:25 PM

The best way to fix this is just to re-sort them when the come back from your search and not bother changing any settings. Just add this:

... | sort 0 - _time

None of this will speed up your search, which is a whole other thing. We cannot help you if you do not show us your SPL.

0 Karma
Reply

aakif
Engager
‎05-04-2019 10:12 AM

I have added max_rawsize_perchunk = 400000000 but still getting same error and search is also very slow.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...