Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Missing records when exporting to a text file

cesca
Engager
‎11-29-2011 08:07 AM

Hi,

I'm using splunk 4.2.4 and performed in the GUI a search that says something easy like host="AAA" OR host="BBB". It works since I can see the records for the AAA host and the BBB host and if pickup just the BBB host I see about 40 records. However, when I export the search result to a text file using the GUI and choosing the Raw data option, there are some records missing in the text file. If there were 1000 entries regarding host AAA and 40 entries regarding host BBB I just see the 1000 from AAA and only 3 entries of host BBB.

Do you have any idea why it can be happening? It only occurs in the exported file. In the GUI I can see all the entries correctly. I'm exporting about 102.000 records.

Thanks a lot,

-- Xavi

0 Karma
Reply

cesca
Engager
‎11-29-2011 11:37 PM

Hi,

Thanks for the information. I'll try to export it using the CLI commands until the 4.3 is released:

splunk search '*' -maxout 0

splunk search '*' -maxout 0 | wc -l

splunk search '*' -maxout 0 > exportfile.txt

I'll try to find out how to define the time range with theses commands.

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎11-29-2011 03:56 PM

I believe the GUI export in 4.2 and lower has a limit of about 10k or 50k entries. In any case, it's less than 102k records. I believe 4.3 will have no such limit.

Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...