FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 189406

Description

Summary of Article

When generating queries or reports, there are limits on the number of events that can be written out.

These limits are summarized below.

 

Queries (Historical Searches)

  • 10,000 Lines/Events
    - if you have defined any Group By/Aggregate Conditions

  • 100,000 Lines/Events
    - if you have NOT defined any Group By/Aggregate Conditions

Reports - With Export

  • 2,000 Lines/Events When:
    - Your results include the Raw Event Log attribute regardless of whether you export to PDF or CSV

  • 10,000 Lines/Events When:
    - Your results do NOT include the Raw Event Log attribute AND
    - You have defined any Group By/Aggregate Conditions (regardless of export to PDF or CSV)

  • 50,000 Lines/Events When:
    - Your results do NOT include the Raw Event Log attribute AND
    - You have NOT defined any Group By/Aggregate Conditions AND
    - You export to PDF

  • 100,000 Lines When:
    - Your results do NOT include the Raw Event Log attribute AND
    - You have NOT defined any Group By/Aggregate Conditions AND
    - You export to CSV

If the actual query or report result set is larger than the limits specified above, the results will be truncated based on these values.

 

Additional Information

Version 3.7.5 and earlier contain two GUI bugs which misstate the limits.

The bugs to resolve are:

  1. 9956: Export Report dialog box incorrectly says the PDF output is limited to 5,000 lines
  2. 9957: Report RUN NOW dialog box incorrectly says the report output is limited to 100,000 lines

Version Affected

3.7.5 and Below



 

 
