×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
eduzamora
Engager
Member since: ‎11-20-2018
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎11-20-2018
View All

Re: Splunk Cloud: Increase limit in field extracti...

by in Splunk Search
‎11-22-2018 03:13 AM
‎11-22-2018 03:13 AM
Thank you a lot, that solved it! 😄 ... View more

Splunk Cloud: Increase limit in field extraction f...

by in Splunk Search
‎11-20-2018 07:50 AM
‎11-20-2018 07:50 AM
I am using Splunk Cloud and I have defined a sourcetype (from the UI) of category Structured and Indexed Extractions as json. For most JSON logs published to my Splunk Cloud instance for the given sourcetype, all fields are correctly extracted. The exception to this are some larger JSONs, for which only a few of the fields are correctly extracted. After reading some other questions, it seems there are some limits either in spath (extraction_cutoff) itself or in the auto-kv extraction (maxchars). All these solutions require to modify limits.conf and here come my question: - How do you configure this kind of limits in Splunk Cloud? - Is there any other way to properly extract all fields from a big JSON in Splunk Cloud? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All