Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

Carbon Black Cloud
- Audit and Remediation
Splunk App

Symptoms

Live Query has more than 10,000 results, but only 10k are displaying in Splunk

Cause

This is a known limitation.

Carbon Black Cloud Splunk App - User Guide - Carbon Black Developer Network
"Note: Limited to the first 10,000 results of a Live Query"

Resolution

Please reach out to your account manager if you'd like to see this limitation increased.

Article Information

Author:

Creation Date:

‎04-05-2022

Views:

659

Knowledge Base

Audit and Remediation: Live Query Results Limited to 10,000 results in Splunk

Audit and Remediation: Live Query Results Limited to 10,000 results in Splunk

Environment

Symptoms

Cause

Resolution

Audit and Remediation

Carbon Black Cloud

Enterprise EDR

Knowledge Base

Audit and Remediation: Live Query Results Limited to 10,000 results in Splunk

Audit and Remediation: Live Query Results Limited to 10,000 results in Splunk

Environment

Symptoms

Cause

Resolution

Audit and Remediation

Carbon Black Cloud

Enterprise EDR

Thank you for your feedback.

Thank you for your feedback.