Hi All,
We are trying to get the memory usage of mvexpand command so that we can set the max_mem_usage_mb in the limits.conf correctly.

based the explanation in https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Limitsconf, mvexpand should truncate result when the memory limit is hit.

By using following search , I am able to get the search memory usage.

`dmc_set_index_introspection` host=SH1-stack360test01 sourcetype=splunk_resource_usage data.search_props.sid::* data.search_props.mode!=RT
        | `dmc_rename_introspection_fields`
        | stats max(elapsed) as runtime max(mem_used) as mem_used earliest(_time) as _time by sid, label, provenance, type, mode, app, role, search_head, user
        | eval mem_used = round(mem_used, 2)
        | sort 20 - mem_used
        | fields - day, hour, minute, second
        | eval _time = strftime(_time,"%+")
        | rename sid as SID, label as "Search Name", provenance AS Provenance, type as Type, mode as Mode, app as App, role as Role, search_head as "Search Head", user as User, mem_used as "Memory Usage (MB)", _time as Started, runtime as Runtime
        | fieldformat Runtime = `dmc_convert_runtime(Runtime)`

From the observation, mvexpand does not truncate the result when it is over the limit. (search memory usage hit 520 MB)
Limit is set as of following

[default]
max_mem_usage_mb = 512

[mvexpand]
max_mem_usage_mb = 512

Is there a way for us to get the memory usage by mvexpand command in a scheduled search? 

Thank you