Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk |search limited to 1000 entries

mkroczak
Loves-to-Learn
‎05-19-2021 11:34 AM

Hi there,

I'm just a basic user of Splunk in my company and I have 0 experience with programming or SQL please don't go rough on me.

I'm creating queries for extracting data for specific entries. For example:

 

 

|search LOTID = 19ADET165T0 OR 19ADET1E666 OR 19ADET1E838 OR 19ADET1FT58 OR 19ADET1G341 OR 19ADET1G511 OR 19ADET1G896 OR 19ADET1G898 OR 19ADET1G90T

 

 

Which with additional conditions will return results for these entries. 

Following this method I can only create single query for maximum of 1000 entries. 

Is there any way which I (basic user) can follow to get around this limitation and create succesful query for e.g. 5000 entries using |search?

Labels (2)
Labels
0 Karma
Reply

dhirendra761
Contributor
‎05-19-2021 01:02 PM

 

Put in the last 

|head <no_of_desired_searh_results_>

for example:

<your query>| head 5000

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...