There is a limitation in Elasticsearch when doing a search for over 10k records; is there a way to retrieve more than 10k records? Note that I am using an EQL query to retrieve records via the endpoint _eql. I am aware that pagination and the scroll API are possible on the endpoint _search; however, I don't think that applies to EQL queries, so feel free to correct me if I'm wrong. I am currently using version 7.10.1, so keep that in mind as well. I am currently restricted to using EQL queries, so I ideally want a solution that fits them. The queries contain sequences of queries as well, for pattern detection.
Hi @Gkayy,

Welcome! The 10,000 limit is not _eql specific but related to the default value of the index.max_result_window property. You could technically increase it, but I would advise caution there as you may encounter performance or memory issues.

I haven't played with the _eql endpoint much, but have you checked to see if the scroll or search_after options are available?
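Added example, not code from the thread: one way to stay under the 10,000-per-request ceiling without raising index.max_result_window is to run the same EQL query over bounded @timestamp ranges through the EQL search API's `filter` parameter, overlapping adjacent windows by at least the sequence's maxspan so a sequence that straddles a window edge is still matched whole, then de-duplicating the results. The query, index name, time range and the sample response used by `demo()` are constructed for illustration.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# Constructed sequence query (not from the thread): process start followed by
# a network connection on the same host within 5 minutes.
EQL_QUERY = ('sequence by host.id with maxspan=5m '
             '[process where event.type == "start"] '
             '[network where event.type == "connection"]')
START = datetime(2021, 1, 1, tzinfo=timezone.utc)   # constructed range
END = START + timedelta(hours=1)
WIDTH = timedelta(minutes=20)       # size of each query window
OVERLAP = timedelta(minutes=5)      # must be >= the query's maxspan

def time_windows(start, end, width, overlap):
    """Split [start, end) into windows that overlap by `overlap`, so a sequence
    whose events cross a window edge falls wholly inside at least one window."""
    assert overlap < width, "overlap must be smaller than the window width"
    windows, lo = [], start
    while True:
        hi = min(lo + width, end)
        windows.append((lo, hi))
        if hi >= end:
            return windows
        lo = hi - overlap

def eql_body(query, window, size=10000):
    """Request body for POST /<index>/_eql/search; size stays at or below the
    default index.max_result_window so no cluster setting needs raising."""
    lo, hi = window
    rng = {"gte": lo.isoformat(), "lt": hi.isoformat()}
    return {"query": query, "size": size, "filter": {"range": {"@timestamp": rng}}}

def collect(send, query, start, end, width, overlap, size=10000):
    """send(body) -> parsed EQL response. Returns distinct sequences; a sequence
    seen in two overlapping windows is keyed by its event _ids and kept once."""
    seen, out = set(), []
    for window in time_windows(start, end, width, overlap):
        for seq in send(eql_body(query, window, size)).get("hits", {}).get("sequences", []):
            key = tuple(ev["_id"] for ev in seq["events"])
            if key not in seen:
                seen.add(key)
                out.append(seq)
    return out

def http_send(url):
    """Real transport, e.g. url='http://localhost:9200/logs-*/_eql/search' (assumed)."""
    def send(body):
        req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST",
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return send

def demo():
    """Offline run against a constructed response that repeats one sequence in every window."""
    seq = {"join_keys": ["host-1"], "events": [{"_id": "evt-a"}, {"_id": "evt-b"}]}
    return collect(lambda body: {"hits": {"sequences": [seq]}}, EQL_QUERY, START, END, WIDTH, OVERLAP)
```

Swap the lambda in `demo()` for `http_send(...)` to run the windows against a cluster; keep OVERLAP at least as large as the query's maxspan.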