After much testing of the regex, (to make sure that it was not its fault) the only thing left to try was to actually find out how big exactly these events were. Looking at splunkd.log and finding some string in the log (where it says that splunk was not able to parse the event at ) i was able to identify parts of the log where this was happening. The event itself is about 800-900 lines and what is happening that it is breaking every 300 (approx) lines. There is one attribute left to use in these cases, TRUNCATE - this makes sure that the event doesnt get truncated at the default size. From the docs we have: TRUNCATE = <non-negative integer> * Change the default maximum line length. * Set to 0 if you never want truncation (very long lines are, however, often a sign of garbage data). * Defaults to 10000. Setting TRUNCATE = 0 and restarting made the logfile finally break correctly. NOTE: it appears the default 10,000 is not lines but characters.. Hope this helps someone out there as i did have a bit of a hard time finding out what was not working correctly. Cheers, .gz ... View more

currently PDF sent through emails can only be done by the admin user. This should change in the next few releases. ... View more

yeap. i'm able to create a pdf with 5 pages at least. I should be able to create even with more, but when i try to get more pages i start getting blank PDF's (results do not render quick enough) Basically, i modify flashtimeline to show 100results per page. set up a quick saved search while being in that view, and receve email alerts/pdf's with 5 pages. Ping me/take it offline for more info on how to access my testing machine. Edit: Since you seem to be having an issue with actually printing a dashboard instead of a saved search i tried that as well, however i did notice the same behavior, my dashboard was truncated to one page... (check email for more info) ... View more