Splunk Search

Likely Bug With Transaction MaxEvents

SplunkPersonal
Path Finder

Hello,

I'm using transaction to process events. Per the documentation (https://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Transaction), I set maxevents to a negative number so there is no limit. I only get 500 results however. But if I change maxevents to 5000 events, I get 2700 events with the exact same query.

Can you confirm this is not working as intended with a negative value for maxevents?

Thank you.

Tags (1)

simonzfor
Explorer

I have a similar issue where I have an expected of about 1500 events in a transaction. If I set maxevents to 1000, I get two different transactions. If I set maxevents to too big or disable it by using a negative value, they get excluded entirely from the end result. I find this behavior very strange.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...