Forum Discussion
Solved
KQL data limit
Adios Defenders, Does anyone know how to bypass the data limit of 10000 rows
- As far as I am aware, the limit is fixed. The trick is to get your query down beneath the limit by imposing criteria in the most efficient order. You can view a shorter period of time, a more limited group of devices or simply remove data irrelevant to the threat you are hunting. I cannot be more specific as I typically work with EXO, but even then our tenancy is big enough to slam straight into the limits if I tried to eat everything.
As far as I am aware, the limit is fixed. The trick is to get your query down beneath the limit by imposing criteria in the most efficient order. You can view a shorter period of time, a more limited group of devices or simply remove data irrelevant to the threat you are hunting. I cannot be more specific as I typically work with EXO, but even then our tenancy is big enough to slam straight into the limits if I tried to eat everything.