Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Subsearch results getting truncated while using join

keerthana_k
Communicator
‎12-08-2014 11:37 PM

Hi,

We are currently using join for creating summary index in our application. The search runs on a daily basis for the whole day. However, the results of the sub-search keep getting truncated. We have tried increasing the limits of join in etc/system/local/limits.conf as follows:

[join]
subsearch_maxout = 10000000
subsearch_maxtime = 3600
subsearch_timeout = 3600

In spite of this change, the results still truncated. Can anyone please let me know how to fix this issue.

Thanks,

Keerthana

Tags (2)
0 Karma
Reply

Ayn
Legend
‎12-09-2014 12:08 AM

There is a hard limit on 10500 results for subsearch output. There's no way around this. Sorry.

0 Karma
Reply

keerthana_k
Communicator
‎12-09-2014 12:44 AM

I am getting the limit as 50000 and not 10500. Also I read in the documentation that join is not affected by this.

[http://docs.splunk.com/Documentation/Splunk/6.2.0/Search/Aboutsubsearches][1]

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...