Scheduled wearxh

Follow

Jellou Mae Infante

• November 02, 2020 03:30

Hi, I am using scheduled search. However, i am only getting 1000 records despite the query as 5kb only. I need the 1001 records and counting. What can I do?

0

• 

  Shobhit Garg

  • November 02, 2020 06:40

  Hi Jellou,

   

  If it is an aggregate real time search, then we have a limit of 1000 results

  https://help.sumologic.com/Visualizations-and-Alerts/Alerts/Scheduled-Searches/Create_a_Real_Time_Alert

  Limitations

  • The time range of a Real Time Alert must be between 5 and 15 minutes. 
  • Searching by receipt time is not supported.
  • A maximum of 120 emails are sent per day per Real Time Alert.
  • Aggregate real-time scheduled searches evaluate the first 1000 results per search. For Example, if the scheduled search is supposed to return more than 1000 results, reduce the scope of the search.
  • Non-Aggregate real-time scheduled searches evaluate the first 100 results per search. For Example, if the scheduled search is supposed to return more than 100 results, either covert it to aggregate scheduled search or reduce the scope of the search.

  Regards,

  Shobhit

  0

  Comment actions Permalink

Please sign in to leave a comment.