Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Increasing rows returned from STAT \ CHART queries

apackard
Engager
‎07-05-2013 09:05 AM

When I run a CHART or STAT query, and the query returns more than 50 rows the output is truncated with the following:-

[and xx more values]

Is there anyway to increase the number of rows returned?

Tags (2)
0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎07-05-2013 11:51 AM

This is a common mistake. You're running searches like

stats values(foo)

when you should be running

stats count by foo

instead. The former will return just one row, with "values(foo)" as a multivalue field. However it is designed for situations when there are only a few values, so it truncates at 50. The latter on the other hand will display any number of rows - hundreds, thousands, millions, and never truncate.

Similarly, if you find yourself doing stats values(foo) by bar, intending to get unique combinations of foo with bar, just do stats count by foo bar.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎07-05-2013 12:33 PM

You could also just do top 0 foo bar.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...

Starting With Observability: OpenTelemetry Best Practices

Tech Talk Starting With Observability: OpenTelemetry Best Practices Tuesday, October 17, 2023   |  11AM PST / ...