local limits.conf not working for the specified sp...

jaideep_gaikwad · ‎01-07-2014

I have created a view for max transactions/second, I have a timechart with a 1 second span which counts transaction/second per day for given time range.

host="*" | transaction "TxId" startswith=("0051-Request") endswith=("0077-Response") | timechart span=1s count(TxId) as Transactions/Second | timechart span=1d max(Transactions/Second) as MAX_TRANSACTIONS/SEC by host

I already gone through and followed your instructions and modified limits.conf as follow but still getting result with "the specified span would result in too many (>50000) rows".

[searchresults]
maxresultrows = 100000

[anomalousvalue]
maxresultrows = 50000

[metadata]
maxresultrows = 10000

[rare]
maxresultrows = 50000

[restapi]
maxresultrows = 50000

enforce_time_order = true

[set]
maxresultrows = 50000

[stats]
maxresultrows = 50000

[top]
maxresultrows = 100000

Is there any other solution to count max transaction/sec or do I need to modify limits.conf with different values?

Please help me to solve this problem.

somesoni2 · ‎01-08-2014

Update another property in your limits.conf in etc/system/local

[discretize]
maxbins = 500000

Basically both searchresults and discretize property needs to be updated with appropriate value, to increase limit of timechart.

local limits.conf not working for the specified span would result in too many (>50000) rows

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor