I get strange errors when searching messages by old dates.
If I run a search over more than two hours, I immediately get the following errors:
2 errors occurred while the search was executing. Therefore, search results might be incomplete.
'stats' command: limit for values of field 'Time' reached. Some values may have been truncated or ignored.
'stats' command: limit for values of field 'messageType' reached. Some values may have been truncated or ignored.
For four days:
4 errors occurred while the search was executing. Therefore, search results might be incomplete.
'stats' command: limit for values of field 'Time' reached. Some values may have been truncated or ignored.
'stats' command: limit for values of field 'eventTime' reached. Some values may have been truncated or ignored.
'stats' command: limit for values of field 'messageId' reached. Some values may have been truncated or ignored.
'stats' command: limit for values of field 'messageType' reached. Some values may have been truncated or ignored.
One of my requests:
index="external_system" messageType="RABIS-HeartBeat" | eval timeValue='eventTime' | eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S") | sort -_time | eval timeValue='eventTime' | eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S") | eval Time=strftime(_time,"%Y-%m-%dT%H:%M:%S") | stats list(Time) as Time list(eventTime) as EventTime list(messageType) as MessageType list(messageId) as MessageId by messageType
Message example:
curl --location --request POST 'http://mon.pd.dev.sis.org:8088/services/collector/raw' --header 'Authorization: Splunk 02-93-48-9-27' --header 'Content-Type: text/plain' --data-raw '{ "messageType": "HeartBeat", "eventTime": "2022-11-14T13:34:15", "messageId": "ED280816-E404-444A-A2D9-FFD2D171F9999" }'
Can you please tell me how to solve these problems?