Limits & Standards
This page lists the various limits and standard operating parameters of LogScale. See Best Practice for the best practices relative to ingest via the Ingest API.
General Limits & Parameters
Below is a list of general limits and parameters:
Note
Unless otherwise specified, all multiple-byte data sizes are expressed in SI units using decimal (Base 10). For example:
1KB = 1,000 Bytes
1MB = 1,000,000 Bytes
1GB = 1,000,000,000 Bytes
1TB = 1,000,000,000,000 Bytes
Data Structure
| Limit | Default Value | Dynamic Variable | Availability |
|---|---|---|---|
|
Max number of fields in an event. During ingest, fields are sorted alphabetically by name and the first fields are parsed, the remainder of the named fields are dropped. The @rawstring field is not modified and will contain all data. |
| ||
Max event size. When the configured event size max is reached,
either in @rawstring and/or in other fields,
the overall data will be truncated. Fields will be removed
entirely, and @rawstring will be truncated
down to the allowed max size with added
... at the end, such that the of
all other fields + size of @rawstring is less
than the configured max event size. Only
@rawstring, @timestamp
and @timezone are added when truncation
occurs.
|
| ||
| Max CSV lookup file size (see Lookup Files). |
|
Variable default: | |
| Max JSON lookup file upload size (see Lookup Files). |
|
Variable default: | |
| Max file upload size (see Lookup Files) |
|
Query Related Limits
| Limit | Default Value | Dynamic Variable | Availability |
|---|---|---|---|
|
Max memory a live query can consume during its execution. |
100,000,000 bytes |
Variable default: | |
| Max query length in characters |
| ||
|
Number of pipes that can be included in a query. |
| ||
|
Max number of results that any query can give. |
|
Variable default: |
Function Limits
| Limit | Default Value | Dynamic Variable | Availability |
|---|---|---|---|
Default number of events set in an RDNS request. See
rdns() function.
|
|
Variable default: | |
|
Default value for the |
|
Variable default: | |
|
Max value for the
|
|
Variable default: | |
Max number of events in tail(),
head(), and sort()
functions.
|
|
Variable default: | |
Max number of events in an RDNS request. See
rdns() function.
|
|
Variable default: | |
Memory limit for the mapper phase of a
collect() function running as a top-level
function, that is, how much data such a function can store.
|
| ||
Memory limit for the mapper phase of a
collect() function running in a subquery, or
as a subaggregator to another function, that is, how much data
such a function can store.
|
|
API Limits
| Limit | Default Value | Dynamic Variable | Availability |
|---|---|---|---|
| Limits for GraphQL queries on the total number of selected fields and fragments for authenticated users. |
|
| |
| Limits for GraphQL queries on the total number of selected fields and fragments for unauthenticated users. |
|
Variable default: | |
| Max body size in POST requests after decompression. |
| ||
| Max body size in POST requests before decompression. |
|
Standards
Below are some standards in LogScale.
Character sets
LogScale works with the JVM standard charsets. The character sets below are guaranteed to be supported in future JVM versions.
Note
These are the character sets LogScale accepts in the HTTP request and this may not necessarily be the same character sets accepted by the log shipper, such as Log Collector or another third-party log shipper, when ingesting files. When ingesting files, they are read by a log shipper that then makes HTTP requests to LogScale, and the character set supported by the log shipper is unlikely to have anything to do with what LogScale supports in the HTTP layer.
US-ASCII
ISO-8859-1
UTF-8
UTF-16
UTF-16BE
UTF-16LE
UTF-32
UTF-32BE
UTF-32LE
If you have any questions about whether a character set is accepted or supported, contact LogScale Support Team.