Satya Vishwakarma
Reputation: 5
Export Splunk result 15000 output mail in CSV
My Splunk result set is giving output of 15000 record (sometimes more then that) but when I set query as an alert to send the result set in CSV file the result is getting limit to 10001 records only. Can anyone help that how can I get all 15000 record in CSV file in a mail via alert setup.
Upvotes: 0
Views: 585
Answers (1)
David
Reputation: 896
You have to edit and modify limits configuration :
edit : $SPLUNK_HOME/etc/system/local/limits.conf
[scheduler]
max_action_results = 20000
[searchresults]
maxresultrows = 20000</code>
edit : $SPLUNK_HOME/etc/system/local/alert_actions.conf
[default]
maxresults = 20000</code>
Upvotes: 0
Related Questions
- Extract data from splunk
- Splunk data export using API
- Get distinct results (filtered results) of Splunk Query based on a results field/string value
- how to check if splunk has received the logs from 100 different hosts
- Splunk Alert Creation
- Sending out multiple reports as one email in splunk
- Extracting certain fields from Splunk query results
- How to count results in Splunk and put them in a table?
- Splunk query to filter results
- How to extract correct fields and count to create report in Splunk?