Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to increase limit of "The pipeline size limit"?

ktc78
Explorer
‎07-30-2023 07:49 PM

Hi all,

I just upgraded splunk enterprise from 8.1.2 to 8.2.6.1
And I found some of big searches return below message when I run them

 

"Error in 'SearchPipeline': The pipeline size for this search exceeds a search command limit : 340"

 

I've never seen this message on 8.1.2 before

Could you please guide me 'which conf file stanza should be modified to increase pipeline limit?'

0 Karma
Reply

cklunck
Path Finder
‎07-30-2023 09:08 PM

It appears the limit of 340 commands in a search pipeline is a hard-coded value and cannot be increased.

I was able to find this previous Community post which applies to your situation:

Executed search contains more than 340 commands 

0 Karma
Reply

ktc78
Explorer
‎07-30-2023 11:24 PM

Thanks you cklunck for your kind reply!

I'm sure that's why I can't find any conf files nor articles about that...

Anyway I'm afraid I haven't read that restrictions in splunk release notes at all 😞

Tags (1)
0 Karma
Reply

ktc78
Explorer
‎08-03-2023 01:02 AM

Below is official answer I got from splunk support team

--- Message ---

The limit is a hidden setting.

We don't recommend our customers to modify it, as searches with hundreds of search commands can cause crashes. 

 To prevent crashes, in 8.2.3 we changed the limit to 340.

 In 9.0.0, we made some more fundamental changes to address the root cause of the crashing, so the limit is set to 1000.

 We would recommend upgrading your Splunk Enterprise instances to 9.0.0 or later.

 [Ref] https://docs.splunk.com/Documentation/Splunk/9.0.0/ReleaseNotes/Fixedissues#:~:text=Searches%20with%...

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...