auto-finalized after time limit ( 30 seconds )

abhayneilam · ‎10-26-2012

I am getting the following warning while running my big query :

auto-finalized after time limit ( 30 seconds ) reached

can you please let me know what to do if I get this warning, and how does it effect to my query result.and how to increase the time limit for this

marellasunil · ‎08-17-2013

Or you can use
... |append maxtime=100 [search ... ]

marellasunil · ‎08-17-2013

The query will finalize its search and you will receive the result till 30 secs only (Not actual result).
If you are having any sub searches, change the time limit in limits.conf (Splunk\etc\system\default\limits.conf).
Hopefully it will work...

auto-finalized after time limit ( 30 seconds )

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

auto-finalized after time limit ( 30 seconds )

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future