
SplunkUtills - open tasks

Open EyalBerger opened this issue 5 years ago • 0 comments

Some open tasks regarding SplunkUtills (#177):

  1. 50,000 results limitation: Getting results via the Splunk API is limited to 50,000 events per query. For now, we use a for loop to overcome this limitation, but it's recommended to find a better solution.

  2. Gaps between the API and Splunk app results: I compared my API results (when using a loop) to the Splunk app results, and found a gap regarding the last day of the search. That needs to be investigated further. @cjer suggested it may be related to time zones.

  3. Filter by list of values: Add an option to filter by a list of values using splunk_query_builder.

EyalBerger, Jun 10 '19 17:06