Solved: Why does increasing the value of maxopentxn reduce...

gesman · ‎04-25-2015

I run transaction command in the following manner:
... | transaction tlsid maxpause=15m maxevents=-1 keepevicted=1 mvlist=pages ...
It returns 14,776 events (transactions)

My limits.conf contains these settings:

[transactions]
maxopentxn    = 5000
maxopenevents = 100000

When I ran the same search, but with larger * maxopentxn *:
...| transaction tlsid maxpause=15m maxevents=-1 keepevicted=1 maxopentxn=1000000 mvlist=pages ...
- it returns 14,390 events

Why does increasing the limits reduce the number of transactions returned?
I expect same or bigger number, not smaller - my computer resources seems to be sufficient.

martin_mueller · ‎04-25-2015

If you have a low number of open transactions, some will get closed when you hit that limit and new ones may get opened later in the search for the same tlsid. When you have a higher number of open transactions, these "split up" tlsid values will end up in one big combined transaction, giving you a lower overall number of transactions.

View solution in original post

martin_mueller · ‎04-25-2015

If you have a low number of open transactions, some will get closed when you hit that limit and new ones may get opened later in the search for the same tlsid. When you have a higher number of open transactions, these "split up" tlsid values will end up in one big combined transaction, giving you a lower overall number of transactions.

gesman · ‎04-25-2015

Great, thanks.

Gleb

Why does increasing the value of maxopentxn reduce the number of returned transaction events?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms