Solved: csv result limits at 50000 events for ad-hoc sende...

mchang_splunk · ‎01-18-2019

I have tried increase max_result by referring to
https://answers.splunk.com/answers/542862/how-to-overcome-csv-max-results-to-email.html

However, when I do ad-hoc search sending out email, the results are still limited at 50000 events:
sourcetype=foo | sendemail to=foo@foo.com sendcsv=true subject="more than 50000 events"

What else should I do to increase the limit?

mchang_splunk · ‎01-18-2019

The limit is defined in command.conf.
However, you can either increase this value by assigning maxinputs

sourcetype=foo | sendemail to=foo@foo.com sendcsv=true subject="more than 50000 events" maxinputs=500000

OR

permanently increase default maxinputs value in command.conf:

# maximum data that can be passed to command (0 = no limit)
maxinputs = 500000

View solution in original post

mchang_splunk · ‎01-18-2019

The limit is defined in command.conf.
However, you can either increase this value by assigning maxinputs

sourcetype=foo | sendemail to=foo@foo.com sendcsv=true subject="more than 50000 events" maxinputs=500000

OR

permanently increase default maxinputs value in command.conf:

# maximum data that can be passed to command (0 = no limit)
maxinputs = 500000

csv result limits at 50000 events for ad-hoc sendemail command

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials