Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a character limit for search queries?

williamsweat
Path Finder
‎04-04-2011 09:04 PM

... and can I change the character length or is it hard-coded?

Thanks

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-04-2011 09:35 PM

There is no hard limit, and a search query can be many hundreds or millions of characters long. In practice, you will hit a limit on the browser/UI or a limit in the shell/CLI to be able to pass a search string, well before you reach any limit on search string length. You would have to use the API to be able to pass and create a query string long enough.

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-04-2011 09:35 PM

There is no hard limit, and a search query can be many hundreds or millions of characters long. In practice, you will hit a limit on the browser/UI or a limit in the shell/CLI to be able to pass a search string, well before you reach any limit on search string length. You would have to use the API to be able to pass and create a query string long enough.

Reply
Solved! Jump to solution

williamsweat
Path Finder
‎04-06-2011 05:09 PM

Thanks! It looks like there was an un-escaped character in the query after all 😛

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-05-2011 11:25 PM

Not at 4800 characters. It's more likely there is a non-XML compliant character, e.g., & or < or > that isn't getting escaped.

0 Karma
Reply
Solved! Jump to solution

williamsweat
Path Finder
‎04-05-2011 07:46 PM

Are there limits with saved searches? I have a query that's approximately 4800 characters that's giving an XML error

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...