When using the Alert Logic® console to search for log messages or other data on the Search page, you may receive a message similar to one of the following when submitting a query:
- This search will exceed the amount of searchable data allowed for your account. You can retry the search in 11 seconds or search a shorter time frame.
- This search will exceed the amount of searchable data allowed for your account. Please search a shorter time frame.
These messages appear when a search would exceed the limit on the time frame of data you are allowed to search.
Note: If you are an MDR customer, the Search page can be accessed within the Alert Logic console under the menu icon > Investigate > Search > Search. If you are a Legacy customer, the Search page can be accessed within the Alert Logic console at Search > Search.
What are the limits on search time frame?
The search platform will allow searching one year of data every 15 minutes (for example: twelve one-month searches, 52 weekly searches, and so forth).
What should I do if I see these messages?
Follow the guidance below if you receive either of the following messages.
- This search will exceed the amount of searchable data allowed for your account. You can retry the search in 11 seconds or search a shorter time frame.
Resolution: This message includes the expected wait before you can execute this search based on the time range of the current search. Simply resubmit the query to continue; you may also reduce the time range for your search or schedule a saved search, and be notified when it completes.
- This search will exceed the amount of searchable data allowed for your account. Please search a shorter time frame.
Resolution: You must reduce the time range for your search. You can split a search into shorter periods, such as searching for data for the last year, and then searching for data for the year before.