Splunk Search

The search failed. More than 125000 events found at time

ddholstadz
Explorer

I get this error which I suspect is from reading in a file with no timestamps in it?

Error in 'IndexScopedSearch': The search failed. More than 125000 events found at time 1293916026.

1) Is there an easy way to see which file caused the error?
2) Is there a way to force Splunk to spread the file across multiple timestamps?

1 Solution

sideview
SplunkTrust