Re: Why are logs sometimes truncated during export...

ozansafi · ‎02-10-2015

After making a search on the search head, clicking on the "Export" icon on the GUI, and after waiting up to a minute for the download to start, the file I receive has a size of 32768 bytes, whereas it should have been 284050 bytes. This happens only sometimes, and for no apparent reason.

Is this a known bug? Can I do something against it?

effem · ‎02-18-2015

There are quite a few limitations, which could block you to get the whole data.

One of 'em is simply the fact of 50000-lines-limit on csv-exports. (even if u click on "unlimited")

FritzWittwer_ol · ‎02-23-2015

well, I am coming back to my older request, could you please provide more details about your search query.
One Thing which comes into my mind is the default 10000 records limit on the sort command.

ozansafi · ‎02-23-2015

I am using "Raw Events" instead of csv as the output format. Does that still apply?

effem · ‎02-23-2015

afaik only csv

But you can check it easily via wordcount
wc -l file

FritzWittwer_ol · ‎02-17-2015

could you please provide more details:
how many lines does your export contain, and does your search include a sort command?

Why are logs sometimes truncated during export from the Splunk Web UI?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk