Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Hunk search only retrieves 1000 events. How to modify this limit?

benoitleroux
Explorer
‎09-09-2014 08:18 AM

Using Hunk, each search retrieves only 1000 results. Is this set in the etc/system/default/limits.conf? If so which key is it? I tried to modify some of them without success.

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

rdagan_splunk
Splunk Employee
Splunk Employee
‎09-09-2014 09:30 AM

Try this: In limits.conf, change the following line. Default is 1000.
max_events_per_bucket = 1000

View solution in original post

Reply
Solved! Jump to solution

benoitleroux
Explorer
‎09-09-2014 12:25 PM

Thanks it does affect it. max_events_per_bucket was not present in the fresh installed.

0 Karma
Reply
Solved! Jump to solution
Solution

rdagan_splunk
Splunk Employee
Splunk Employee
‎09-09-2014 09:30 AM

Try this: In limits.conf, change the following line. Default is 1000.
max_events_per_bucket = 1000

Reply
Solved! Jump to solution

benoitleroux
Explorer
‎09-09-2014 12:26 PM

Thanks it does affect it. max_events_per_bucket was not present etc/system/default/limits.conf in the fresh installed of last version.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...