How to override the limits for result events? How to show more than a million records in Logger search?
I wanted to extract events to CSV from the result of my search. As I retrieve more than a million records, the Logger shows me only limited results.
If I wanted to extract more than that, how do I extract them?
deviceVendor="Palo Alto Networks"
Search criteria: Last 3 days.
I get incomplete search results since it crossed the limit of 1 million records.
I wanted to extract more than 1 million records. How can I extract the logs?
Re: How to override the limits for result events? How to show more than a million records in Logger search?
Can you add more criteria to your search to reduce the number of events found?
Ideas - add a sourceAddress of interest?
What is the use case for this, why do you want to do this, and what use is a CSV file of 3 days of PAN events?
It should be possible to do this using the Logger API and some scripting.
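An added example, not part of the thread above and not Logger's own code: one way to script the export is to narrow each search by time, bisecting the 3-day range until every sub-search returns fewer rows than the cap, and appending each window to one CSV. The `search` callable is a hypothetical wrapper around whatever search interface is available (it does not model the Logger API), and the sample events are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

RESULT_LIMIT = 1_000_000  # per-search result cap reported in the thread

def export_windows(search, start, end, writer, limit=RESULT_LIMIT,
                   min_window=timedelta(seconds=1)):
    """Export events in [start, end) by bisecting the time range.

    search(lo, hi, limit) is a hypothetical callable around whatever search
    interface is available; it returns at most `limit` rows (dicts) with
    lo <= time < hi. Returns (rows_written, windows_still_truncated).
    """
    pending, written, truncated = [(start, end)], 0, []
    while pending:
        lo, hi = pending.pop()
        rows = search(lo, hi, limit)
        if len(rows) >= limit:  # cap reached: treat the window as incomplete
            if hi - lo > min_window:
                mid = lo + (hi - lo) / 2
                pending += [(mid, hi), (lo, mid)]  # earlier half is popped first
                continue
            truncated.append((lo, hi))  # cannot split further; report it
        writer.writerows(rows)
        written += len(rows)
    return written, truncated

def make_fake_search(events):
    """Constructed in-memory stand-in for a real search backend."""
    def search(lo, hi, limit):
        return [e for e in events if lo <= e["time"] < hi][:limit]
    return search

def demo():
    # Constructed sample: 600 events over 3 days, with a cap of 100 per search.
    t0 = datetime(2024, 1, 1)
    events = [{"time": t0 + timedelta(minutes=7 * i),
               "deviceVendor": "Palo Alto Networks"} for i in range(600)]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["time", "deviceVendor"])
    writer.writeheader()
    written, truncated = export_windows(
        make_fake_search(events), t0, t0 + timedelta(days=3), writer, limit=100)
    return written, truncated, len(buf.getvalue().splitlines()) - 1

if __name__ == "__main__":
    print(demo())
```

Half-open windows keep an event on a boundary from being exported twice, and any window returned in the second value is still incomplete and needs an extra filter, such as the sourceAddress suggested in the reply.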