Splunk search - logs retrieval limitation

nivi
New Member

While doing a Splunk search using a Splunk query and retrieving logs in an automated manner, the job extracts only a maximum of 2 lakh logs. How can I resolve this issue?

0 Karma

richgalloway
SplunkTrust

Please tell us more about the automated method you are using.  Which method is it?  Does it specify the maxout parameter?

You may find some help at https://hurricanelabs.com/splunk-tutorials/the-best-guide-for-exporting-massive-amounts-of-data-from...

---
If this reply helps you, Karma would be appreciated.

inventsekar
SplunkTrust

Hi @nivi, please check the limits.conf file:

[searchresults]
maxresultrows = 50000
# maximum number of times to try in the atomic write operation (1 = no retries)

https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/Limitsconf#limits.conf.example


May we know more details, like: is it a CSV log, a regular log file, or something else?

Splunk Enterprise or Splunk Cloud?

Are you planning to increase or decrease this limit? (2 lakh logs is itself a very big limit.)

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
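One way an automated export can stay under a per-request row cap is to page through a finished job's results with the REST `count` and `offset` parameters, sketched here as an added example that is not part of the thread or of Splunk's own code. The host name, search ID, bearer-token authentication and the in-memory `fake_server` are assumptions made so the block runs offline; the page size reuses the `maxresultrows` value quoted in the reply above.

```python
import json
import urllib.parse
import urllib.request

PAGE_SIZE = 50000  # same value as the maxresultrows line quoted in the reply


def results_url(base_url, sid, offset, count):
    """Build the URL for one page of a finished search job's results."""
    query = urllib.parse.urlencode(
        {"output_mode": "json", "offset": offset, "count": count})
    sid = urllib.parse.quote(sid, safe="")
    return f"{base_url}/services/search/jobs/{sid}/results?{query}"


def http_fetch(url, token):
    """Fetch one page from a real deployment (token auth is an assumption)."""
    req = urllib.request.Request(
        url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def iter_results(base_url, sid, fetch, page_size=PAGE_SIZE):
    """Yield every result row of a job, one request per page."""
    offset = 0
    while True:
        page = fetch(results_url(base_url, sid, offset, page_size))
        rows = page.get("results", [])
        yield from rows
        if len(rows) < page_size:  # short or empty page: nothing left
            return
        offset += len(rows)


def fake_server(total):
    """Constructed stand-in for the results endpoint, holding `total` rows."""
    calls = []

    def fetch(url):
        q = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
        off, cnt = int(q["offset"][0]), int(q["count"][0])
        calls.append((off, cnt))
        rows = [{"n": i} for i in range(off, min(off + cnt, total))]
        return {"results": rows}

    return fetch, calls


if __name__ == "__main__":
    fetch, calls = fake_server(230000)  # constructed row count
    rows = iter_results("https://splunk.example:8089", "1700000000.1", fetch)
    print(sum(1 for _ in rows), "rows in", len(calls), "requests")
```

Against a real instance, pass `lambda url: http_fetch(url, token)` as `fetch`.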