Solved: How to expand 500 limits event for Transaction com...

TheGU · ‎12-16-2010

When I run transaction command, some transaction may be more than 500 events but splunk split it to a set of 500 events and show message below :

Show most relevant lines (Exceeds 500 limit)

How to expand this limitation?

orenault · ‎02-08-2013

You have to modify the xml file to set a higher limit.

Using maxevents=1000 do nothing, as the maxevents is already at 1000 by default.
The limitation is on the display, not on the search.

orenault · ‎02-08-2013

You have to modify the xml file to set a higher limit.

Using maxevents=1000 do nothing, as the maxevents is already at 1000 by default.
The limitation is on the display, not on the search.

bowa · ‎03-10-2011

I am also interetesed ... the maxevents above 500 are ignored ... so there must be a setting somewhere that overrules it with max 500

bbingham · ‎12-17-2010

add the "maxevents=" to your transaction command.

example

 index=main * | transaction blah maxevents=1000 maxspan=15s

harshsarode1234 · ‎06-14-2016

hi ,
can you please tell me that xml filename with directory.

How to expand 500 limits event for Transaction command?