Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Subsearch timeout is ignoring settings

Deecie
Explorer
‎04-22-2012 07:01 PM

I'm trying to run a complex search and I keep getting this message:

[subsearch]: Search auto-finalized after time limit (60 seconds) reached.

However, I have this in etc/system/local/limits.conf:

[subsearch]
maxtime = 600

And for good measure I created etc/apps/myapp/local/limits.conf`:

[subsearch]
maxtime = 600

I've definitely restarted Splunk since making these changes. Is there something I'm missing? Could it be something to do with having nested and chained subsearches?

Tags (2)
Reply

MuS
SplunkTrust
SplunkTrust
‎01-17-2013 06:56 AM

Hi Deecie

this can be 'fixed' by changing the values in limits.conf for stanza [join]

 [join]
 subsearch_maxout = number_of_events
 subsearch_maxtime = max_seconds
 subsearch_timeout = seconds

after that it works just fine.

cheers,

MuS

Reply

sdaniels
Splunk Employee
Splunk Employee
‎04-23-2012 06:07 AM

What version are you running?

0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎04-23-2012 06:07 AM

This may still be a bug. Best thing is to open up a support case to get this addressed. It also helps prioritize our engineering team.

http://splunk-base.splunk.com/answers/6128/subsearch-search-auto-finalized-after-time-limit-reached-...

0 Karma
Reply
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

[Puzzles] Solve, Learn, Repeat: Unmerging HTML Tables

[Puzzles] Solve, Learn, Repeat: Unmerging HTML TablesFor a previous puzzle, I needed some sample data, and ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...