Splunk Enterprise Security

Splunk Enterprise Security: Threat Intelligence list export limitation at 10,000 record?

owenpcyip
New Member

I can see that there are over 10000 record per list (Threat Intelligence) in Splunk ES Web UI. But I can ONLY export 10000 records per list. May I know if there is a limitation on that (max. 10000 record per list) instead of parse or normalize 10000 records ONLY. Thanks.

0 Karma

owenpcyip
New Member

I means I cannot to export my TI from the ES, the menu path as below

Splunk > App: Enterprise Security > Threat Artifacts >

Then, I get my TI result and would like to export it (over 10,000 records are there) to csv format but finally I just get only 10,000 records from the csv.

0 Karma

nabeel652
Builder

Are you using "sort" command somewhere in your query? That limits the records to 10,000 by default. Use zero like "Sort 0 field1 field2" to include all records.

0 Karma

owenpcyip
New Member

Thanks, I try it now.

0 Karma

owenpcyip
New Member

I means I cannot to export my TI from the ES, the menu path as below

Splunk > App: Enterprise Security > Threat Artifacts >

Then, I get my TI result and would like to export it (over 10,000 records are there) to csv format but finally I just get only 10,000 records from the csv.

0 Karma

pleymort
Explorer
0 Karma

owenpcyip
New Member

Thank you for the link but I am not sure for the configuration file location. I tried to find the file "savedsearched.conf" and got some results.

0 Karma

owenpcyip
New Member

I means I cannot to export my TI from the ES, the menu path as below

Splunk > App: Enterprise Security > Threat Artifacts >

Then, I get my TI result and would like to export it (over 10,000 records are there) to csv format but finally I just get only 10,000 records from the csv.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...