Splunk Search

search by linecount last 1 million lines.

levent_kurt
Explorer

how can i search only last 1 million lines of 4 million lined total log file?

Tags (1)
0 Karma
1 Solution

Ayn
Legend

Assuming each line in the log file is treated as one event in Splunk:

source="yoursource" | head 1000000

View solution in original post

0 Karma

Ayn
Legend

Assuming each line in the log file is treated as one event in Splunk:

source="yoursource" | head 1000000
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...