How do I increase the limit on events returned when using cli search?

1 1	When running a splunk search from the cli, the maximum number of events returned is 100. How do I increase this limit? search cli limits asked 12 Mar '10, 20:04 SK110176 94●10 accept rate: 50% edited 28 May '10, 12:53 gkanapathy ♦ 32.3k●4●8●27

3 Answers:

oldest newest most voted

2	`-maxout 999` (or your preferred number) link answered 12 Mar '10, 20:45 V_at_Splunk 902●2●5●16 accept rate: 41%

New in 4.1, you can set -maxout 0, which means "unlimited." This is useful for streaming data to another processing system or to a file.

link

answered 28 May '10, 14:50

Stephen Sorkin ♦
8.9k●5●10
accept rate: 52%

As of 4.1.5 using -maxout 0 will yield unlimited results if your -ouput flag is set to 'raw' or 'rawdata', if it is set to 'csv' or 'table' it will be limited to 50k (plus one line for the header).

(20 Jan '11, 16:42) kevintelford

csv is unlimited in 4.2. table remains limited.

(20 Jan '11, 22:06) Stephen Sorkin ♦

Awesome!
:)

(21 Jan '11, 15:43) kevintelford

1	I think what you are looking for is "-maxout NUM", which changes the limit of returned results from 100 to NUM. link answered 12 Mar '10, 20:45 Marcin 21●2 accept rate: 50%

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

search ×1,640
cli ×111
limits ×85

Asked: 12 Mar '10, 20:04

Seen: 1,005 times

Last updated: 28 May '10, 14:50

How do I increase the limit on events returned when using cli search?

Follow this question

Splunk Resources

Related questions