100k export limit

Hi, everyone. I'm trying to export the results of a firewall web usage report that I created on Sophos Central. I need to export to a CSV file, the last 24 hours of events. But, when selecting that timeframe, the resulting file doesn't contain all the events because of the 100k export limit. Based on my testing, I'd need to create 48, 30 minutes reports, to get all the data. So my question is, is there a way to export more than 100k events? Maybe use the APIs to get the data and send it to another place?

Thanks.

Top Replies

Qoosh 4 months ago +1

Hi SI , Thanks for reaching out to the Sophos Community Forum. The SIEM Integration API can be used for this purpose, however, there is a limit to the number of events you can return per API call.…

0 Qoosh 4 months ago

Hi SI,

Thanks for reaching out to the Sophos Community Forum.

The SIEM Integration API can be used for this purpose, however, there is a limit to the number of events you can return per API call. In general, it is best to have this set up with your SIEM system so that queries are run periodically over time to replicate the event data stored in Sophos Central.

The maximum number of items that can be returned per query is 1000.

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel