Hi to all,
I am a real newbie in Splunk. Sorry for my simple question, but I really need help.
I have set an automated alert on Splunk that collects over 8000 results when triggered. I tried dispatch those results by email in a .csv document, but Splunk only attach first 1000 results to the file. Vice versa when I relaunched the search manually, it made easily a complete csv document.
How I can extend the number of results in mail attachment ?
I also read the topic Splunk Alert only includes first 1000 results of search. Why? but it seems to me does not gave a solution to this problem: (there seems to be some hard-coded voodoo going on behind the scenes. And for whatever reason, that voodoo wants to keep your from sending more than 1,000 events in your email)
thanks in advance for every tip
... View more