Dear Splunk employees,
Can you please implement an improvement to Splunk notifications: if any configuration limitations are hit, inform the user.
I've faced this problem several times, and the most recent one is as follows: we have a scheduled search that uses the map command to put a specific date into the dbquery search and then performs other calculations.
And since it's a subsearch, it has a limit of 500000 events. One day we exceeded this number but didn't notice it as no indication of it was available, so results were misleading 😞
Please make such notifications near the search bar, or, if it is a scheduled search, send an alarm with the listed results, or, if it is a server-side limit, send an alarm to the admin's email.
Hope for your help! Thanks