Hi Community,

We pump the logs of Window security events of some computers into Azure Sentinel SIEM. Now we retrieve those logs from Sentinel to local database by using REST API. The problem is when the result set is large, the API return error message like "Result size too large". So we want to implement pagination and fetch the data from SIEM then store it in local DB.

However, according to MS docs, Kql doesn't support "Skip" operator. 

So are there any ideas how to implement this pagination method to fetch the large result set from SIEM?