Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to make Splunk stop searching after it finds a certain amount of results?

rockyrush
Explorer
‎07-24-2017 07:33 AM

I have tried head 100, but it seems like it does a regular search and then gives me 100 results because it takes the same amount of time as a full search. I am looking for a way not to search 180 million entries when I only need 100 or so results.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rroberts
Splunk Employee
Splunk Employee
‎07-24-2017 08:48 AM

Have you tried event sampling?
https://www.function1.com/2016/08/event-sampling-new-splunk-6-4-feature

View solution in original post

0 Karma
Reply
Solved! Jump to solution

jplumsdaine22
Influencer
‎07-24-2017 09:52 AM

What is your search? head should prevent a full search from being executed, unless it comes after a command that requires the data set to come back to the search head

0 Karma
Reply
Solved! Jump to solution

rockyrush
Explorer
‎07-24-2017 12:10 PM

Thanks so much! It was after commands which collected all the search terms

0 Karma
Reply
Solved! Jump to solution
Solution

rroberts
Splunk Employee
Splunk Employee
‎07-24-2017 08:48 AM

Have you tried event sampling?
https://www.function1.com/2016/08/event-sampling-new-splunk-6-4-feature

0 Karma
Reply
Solved! Jump to solution

rockyrush
Explorer
‎07-24-2017 09:45 AM

Not exactly what I was hoping for. I want the latest 100 then I want to to stop searching entirely and just display the results it already has.

Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...