Sep 14 2021 02:28 AM - last edited on Apr 08 2022 10:54 AM by TechCommunityAP
Hi Community,
We pump the logs of Windows security events of some computers into Azure Sentinel SIEM. Now we retrieve those logs from Sentinel to a local database by using the REST API. The problem is that when the result set is large, the API returns an error message like "Result size too large". So we want to implement pagination and fetch the data from the SIEM, then store it in the local DB.
However, according to the MS docs, KQL doesn't support a "Skip" operator.
So are there any ideas on how to implement this pagination method to fetch the large result set from the SIEM?
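One way to page without a skip operator is to slice the query on time and halve any slice the API rejects as too large. The sketch below is an added example, not part of the original post: `run_query` and `ResultTooLarge` are hypothetical stand-ins for the REST call and its "Result size too large" error, the `SecurityEvent` table and `TimeGenerated` column are assumed, and the sample events are constructed.

```python
from datetime import datetime, timedelta

class ResultTooLarge(Exception):
    """Hypothetical: raised by run_query when the API answers 'Result size too large'."""

def kql_for_window(lo, hi, table="SecurityEvent"):
    # Half-open window [lo, hi): adjacent pages never overlap and never drop a row.
    # Datetimes are naive and treated as UTC (assumption).
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ"
    return (f"{table} | where TimeGenerated >= datetime({lo.strftime(fmt)}) "
            f"and TimeGenerated < datetime({hi.strftime(fmt)}) "
            "| order by TimeGenerated asc")

def fetch_paged(run_query, start, end, min_window=timedelta(seconds=1)):
    """Yield rows for [start, end) in time order, bisecting windows that are too large."""
    stack = [(start, end)]
    while stack:
        lo, hi = stack.pop()
        try:
            rows = run_query(kql_for_window(lo, hi), lo, hi)
        except ResultTooLarge:
            if hi - lo <= min_window:
                raise  # cannot split further; caller must narrow the query itself
            mid = lo + (hi - lo) / 2
            stack.append((mid, hi))   # later half is processed second
            stack.append((lo, mid))   # earlier half is popped first
            continue
        yield from rows

def demo(limit=100):
    # Constructed sample: one event per minute for a day; the fake backend
    # rejects any window holding more than `limit` rows.
    base = datetime(2021, 9, 14)
    events = [base + timedelta(minutes=i) for i in range(1440)]
    calls = []
    def fake_run_query(query, lo, hi):
        calls.append(query)
        rows = [e for e in events if lo <= e < hi]
        if len(rows) > limit:
            raise ResultTooLarge(len(rows))
        return rows
    got = list(fetch_paged(fake_run_query, base, base + timedelta(days=1)))
    return got, events, len(calls)

if __name__ == "__main__":
    got, events, n_calls = demo()
    print(len(got), "rows fetched in", n_calls, "API calls")
```

Storing the end of the last completed window in the local database lets an interrupted export resume from that point instead of starting over.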