Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

When creating an alert that creates a .csv file to be emailed , the .csv contains 9000 with an error.

SamHTexas
Builder
‎04-29-2021 02:34 PM

When creating an alert that creates a .csv file to be emailed , the .csv contains 9000 with an error that only the first 9000 of the 40,000 results are included. Please advise.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

s2_splunk
Splunk Employee
Splunk Employee
‎04-29-2021 03:30 PM

There is a setting in the alerting search (savedsearches.conf) called 

action.email.maxresults

The default is 10000, not sure why you are getting 9000, maybe it was overwritten. 

But that's where I would look first.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

s2_splunk
Splunk Employee
Splunk Employee
‎04-29-2021 03:30 PM

There is a setting in the alerting search (savedsearches.conf) called 

action.email.maxresults

The default is 10000, not sure why you are getting 9000, maybe it was overwritten. 

But that's where I would look first.

0 Karma
Reply
Solved! Jump to solution

SamHTexas
Builder
‎04-29-2021 03:41 PM

Please tell me where do I find this savedsearches.conf file. Which server is it on?

Tags (1)
0 Karma
Reply
Solved! Jump to solution

s2_splunk
Splunk Employee
Splunk Employee
‎04-29-2021 05:55 PM

(Saved) searches are initiated on the Search Head;  you should find it there.

You can also see the settings in effect in the UI under Settings->Searches, reports, and alerts if you select "Advanced Edit" from the dropdown for the relevant alerting search:

Screen Shot 2021-04-29 at 5.54.21 PM.png

0 Karma
Reply
Get Updates on the Splunk Community!

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...