Audit and Remediation: Live Query Results Limited to 10,000 results in Splunk

Article ID: 288330

Products

  • Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

A Live Query returns more than 10,000 results, but only the first 10,000 are displayed in Splunk.

Environment

  • Carbon Black Cloud
    • Audit and Remediation
  • Splunk App

Cause

This is a known limitation of the Splunk App, as noted in the user guide:

https://developer.carbonblack.com/reference/carbon-black-cloud/integrations/splunk/user-guide/
"Note: Limited to the first 10,000 results of a Live Query"

Resolution

Please reach out to your account manager if you'd like to see this limitation increased.