Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Unable to search for the first 10,000 event only

gferreira
New Member
‎07-25-2018 06:09 AM

Hello, i'm trying to run a query but I would like it to stop at the first 10,000 events and I don't mean to display the first 10,000 events. The issue is that I'm building a front end for errors and if a user chooses errors in the last 10 minutes, there could be 100,000 and "head" or "streamstats count" will display the first 10,000 but the query continues to run in the background. I want the query to stop once it hits 10,000 events. Does anyone know of a way to accomplish this?

| streamstats count | where count<=10000 will display 10000 but give me 13,887 events (7/25/18 8:54:27.000 AM to 7/25/18 8:59:27.000 AM)
| head 10000 does the same

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎07-25-2018 07:00 AM

hello there,
use | head 10000 before any stats or streamstats or anything
... your search ... | head 10000 | ... more stuff tat you want ...

0 Karma
Reply

sudosplunk
Motivator
‎07-25-2018 06:55 AM

Can you provide some more information like screenshots of your search and results. The reason I ask is, head command is working perfectly for me. my search | head 10000 stops running as soon as it hits 10k results.

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...