Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Has anyone come across this warning below in Splunk Web?

mohdmikhael
Explorer
‎01-19-2023 06:32 AM

Hi,

I recently came across this warning on Splunk web and was just wondering if anyone else has encountered this before and how to go about solving it?

The warning is as follows:
"Events are not displayed in the search results because _raw fields exceed the limit of 16777216 characters. Ensure that _raw fields are below the given character limit or switch to the CSV serialization format by setting 'results_serial_format=csv' in limits.conf. Switching to the CSV serialization....."

Any input is greatly appreciated and thank you in advance.

Mikhael

Labels (2)
Labels
Tags (3)
0 Karma
Reply

kanggao
New Member
‎01-27-2023 10:01 PM
do you figure out the root cause? it also displayed in our Splunk UI.
0 Karma
Reply

rahulg
Explorer
‎01-27-2023 02:39 AM

Did you find any solution for this, i also see this error on UI

0 Karma
Reply

PaulPanther
Builder
‎01-20-2023 04:32 AM

@mohdmikhael For me it looks like that the affected event(s) are not splitted correctly. 

Have you already verified what kind of data ist affected?

Regarding event breaking in Splunk: Configure event line breaking - Splunk Documentation

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...