Splunk Search

How to limit runtime for a search?

a212830
Champion

Hi,

Is there a setting to limit max runtime for a search? I don't see anything obvious.

0 Karma
1 Solution

pradeepkumarg
Influencer

Yes, srchMaxTime in authorize.conf for the role you want to limit to.

srchMaxTime =
* Maximum amount of time that searches of users from this role will be
allowed to run.
* Once the search has been ran for this amount of time it will be auto
finalized, If the role

https://docs.splunk.com/Documentation/Splunk/7.1.1/Admin/Authorizeconf

View solution in original post

pradeepkumarg
Influencer

Yes, srchMaxTime in authorize.conf for the role you want to limit to.

srchMaxTime =
* Maximum amount of time that searches of users from this role will be
allowed to run.
* Once the search has been ran for this amount of time it will be auto
finalized, If the role

https://docs.splunk.com/Documentation/Splunk/7.1.1/Admin/Authorizeconf

gjanders
SplunkTrust
SplunkTrust

This answer is correct but do keep in mind that it's subtle when a scheduled search is auto-finalized (time limited), the GUI (at least in Splunk 7.0.x) doesn't make it super-obvious that a search has been auto-finalized.

You can see it via the gap in the timeline and also if you check the inspect job button or the info messages...in a scheduled search it is hidden within files in the dispatch directory so it's even less obvious that the auto-finalization occurred.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

Bingo. So you very much introduce a situation where a user may think the search is complete and draw conclusions from the result but in reality the data set is incomplete. This is esp hard if on a dashboard.

0 Karma

a212830
Champion

Thanks! I assumed it was in the roles gui.

0 Karma
Get Updates on the Splunk Community!

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

Overview Transport Layer Security (TLS) is a security communications protocol that lets two computers, ...

New Customer Testimonials

Enterprises of all sizes and across different industries are accelerating cloud adoption by migrating ...