Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Timechart with large split by gives" Your search generated too much data for the current visualization configuration." Is it truncating stats or chart or both?

mikelanghorst
Motivator
‎05-13-2014 03:26 PM

When running a search against a weblog, and attempting to "|timechart span=1h limit=0 count by queryname" for 24hrs, I get the " Your search generated too much data for the current visualization configuration."

Is it just truncating the graph, or the statistics table as well?

Tags (2)
Reply

kbecker
Communicator
‎09-15-2016 10:34 AM

Have you opened a case with Splunk for this? This is a hard limit which we have an enhancement request ticket open, more customers requesting this to be raised should push Splunk to fix this.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎05-13-2014 11:50 PM

Hi mikelanghorst,

according to the docs this message is from the JSChart Module and related to the object rendering limit in the chart library.

running this test search on my development box 

index=_internal | timechart span=10sec count

returns about 4700 events in the statistic table but brings the message 

These results may be truncated. This visualization is configured to display a maximum of 1000 results per series, and that limit has been reached.

on the report graph.
So from my understanding this message is completely related to the chart and not effects the statistic table.

hope this helps ...

cheers, MuS

Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...