If you want to load more than 1000 users in Splunk manager page, there are 2 parameters to set in Splunk.
authentication.conf
sizelimit =
limits.conf
[ldap]
max_users_to_precache =
as default is 1000, normally you will just see 1000 users in the manager page.
For setting more than 1000 users, the impact will be having more memory usage and slow down login time. It is better to manage with AD groups, filter those groups in authentication.conf file and select a subset of users to login to Splunk so that limited number of AD users will be "precache" in Splunk.
If you want to load more than 1000 users in Splunk manager page, there are 2 parameters to set in Splunk.
authentication.conf
sizelimit =
limits.conf
[ldap]
max_users_to_precache =
as default is 1000, normally you will just see 1000 users in the manager page.
What are the downsides(if any) to setting size limit and max_users_to_precache to a value of 10,000? Will there be memory issues? Will things in the UI be slower to load if you expect more than 1000 users?