* Maximum number of keys auto kv can generate. * When non-zero, the point at which kv should stop creating new fields. * Maximum number of k values to iterate over when specifying a range. * Maximum number of clusters to attempt to solve for. * Maximum data points to do kmeans clusterings for. * Maximum time to wait for subsearch to fully finish (in seconds). * Maximum search time (in seconds) before auto-finalization of subsearch. * Maximum result rows in output from subsearch to join against. * Loosely-applied maximum on number of preview data objects held in memory * Maximum number of results to emit per call to preview data generator * Maximum number of bytes to read from each file during preview * Maximum number of retries for creating a tmp directory (with random name as subdir of SPLUNK_HOME/var/run/splunk) * set to 0 for no message (message is always INFO level) * Warn when external scripted command is applied to more than this many events * Add an offset/row number to JSON streaming output * Add a epoch time timestamp to JSON streaming output that reflects the time the results were generated/retrieved * If maxbins is not specified or = 0, it defaults to searchresults::maxresultrows (which is by default 50000). * Maximum number of buckets to discretize into. * When discretizing time for timechart or explicitly via bin, the default bins to use if no span or bins is specified. * This stanza set attributes for bin/bucket/discretize. * Maximum number of columns/rows to generate (the maximum number of distinct values for the row field and * This stanza controls the contingency, ctable, and counttable commands. * Maximum number of detected concurrencies. * Maximum magnitude of range for p values when given a range. * Maximum valid period for auto regression * Maximum length of a single value to consider. * Maximum number of values for any field to keep track of. * Maximum size in bytes of any single value (truncated to this size if larger). * Maximum number of distinct values for a field. * Defaults to searchresults::maxresultsrows (which is by default 50000). * Configures the maximum number of events that can be present in memory at one time. * See definition in ttl for more details on how the ttl is computed * Time to cache a given subsearch's results, in seconds. * Maximum number of seconds to run a subsearch before finalizing * This value cannot be greater than or equal to 10500. * Maximum number of results to return from a subsearch. * Read more about subsearches in the online documentation: * NOTE: This stanza DOES NOT control subsearch results when a subsearch is called byĬommands such as join, append, or appendcols. * This stanza controls subsearch results. * Period of time to wait before each retry. * Maximum number of times to retry the atomic write operation. Setting this limit higher than 50000 causes instability. Grow the size of your result set (such as multikv) or that create events. * Configures the maximum number of events are generated by search commands which * This stanza controls search results for a variety of Splunk search commands. * Note configuring this to a very small value could lead to backing up of jobs at the tailing processor. * Global parameter, cannot be configured per input. * Specifies the size of the file/tar after which the file is handled by the batch reader instead of the trailing processor. * Certainly commands may use multiple such structures in conjuction with large in memory result sets and thus the true maximum search memory usage may be 4-5 times this limit depending on the sequence of commands. * also acts as a cutoff for memory usage by mvexpand. * coordinates with maxresultrows such that what is in memory satisfies at least one of these 2 constraints, except if max_mem_usage_mb is set to 0. * Specifies the recommended maximum estimate memory usage by internal data structures that can use disk as backing store if this limit would otherwise be exceeded. * Each stanza controls different parameters of search commands. # Improperly configured limits may result in splunkd crashes and/or memory overuse. # CAUTION: Do not alter the settings in nf unless you know what you are doing. # value in the specific stanza takes precedence. # * If an attribute is defined at both the global level and in a specific stanza, the # attribute, the last definition in the file wins. In the case of multiple definitions of the same # * Each conf file should have at most one default stanza. # * You can also define global settings outside of any stanza, at the top of the file. # Use the stanza to define any global settings. # To learn more about configuration files (including precedence) please see the documentation You must restart Splunk to enable configurations. # place a nf in $SPLUNK_HOME/etc/system/local/. # There is a nf in $SPLUNK_HOME/etc/system/default/. # This file contains possible attribute/value pairs for configuring limits for search commands.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |