Hi splukears, if you're using transaction in Splunk you are basically using Splunk as big grep environment, because it breaks way to many things within the Splunk search like mapreduce and you will end up getting all _raw data back from the indexers to the search heads. I would suggest to have a look at the March 2016 session of the virtual .conf https://wiki.splunk.com/Virtual_.conf and have a closer look at the examples on how to use stats with a start or end event. This will give you a way better performance and you will not hit any hidden limit of Splunk. cheers, MuS ... View more

Debugged this extensively. Finally, I did a hack. Hardcoded my root context path /mysplunkapp in the file account.py:login(..) method This works for me. File affected: ../lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/account.py @expose_page(must_login=False, methods=['GET','POST'], verify_session=False) @lock_session @set_cache_level('never') def login(self, username=None, password=None, return_to=None, cval=None, **kwargs): #FIX (1) line below return_to = '/mysplunkapp/en-US/' <<=== # Force a refresh of startup info so that we know to # redirect if license stuff has expired. startup.initVersionInfo(force=True) updateCheckerBaseURL = self.getUpdateCheckerBaseURL() ps: Replace hardcoded value with cherrypy.config.get('root.endpoint') , if you didn't like hardcoding. ... View more