Hi @kavi_t,
The error message "Query execution has exceeded the allowed limits" can occur from various reasons.
These reasons can be:
- CPU Throttling:
If queries in the same tenant surpass allocated CPU resources, the service may block queries until the next daily or 15-minute cycle. - Timeouts:
Queries running for more than three minutes may timeout and return an error. - Result Size Limit Exceeded:
The aggregate size of the result set may surpass the maximum limit, especially if truncation can't reduce it to an acceptable size. - Excessive Resource Consumption:
Queries consuming excessive resources may be halted.
Handle errors in advanced hunting for Microsoft Defender XDR | Microsoft Learn
Regarding limitations on the number of requests, the Microsoft Advanced Hunting API has specific restrictions:
- Queries are limited to the last 30 days' data.
- Results include a maximum of 100,000 rows.
- Execution limits per tenant include 45 calls per minute and 1500 calls per hour.
- Execution time is capped at 10 minutes every hour and 3 hours per day.
- A single request's maximal execution time is 200 seconds.
- The maximum query result size cannot exceed 124 MB.
Advanced Hunting API | Microsoft Learn
If encountering this error persistently, consider optimizing or breaking down the query.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
