Limits and Standards
This page lists the various limits and standard operating parameters of LogScale. See Best Practice for the best practices relative to ingest via the Ingest API.
General Limits and Parameters
Below is a list of general limits and parameters:
Note
Unless otherwise specified, all multiple-byte data sizes are expressed in SI units using decimal (Base 10). For example:
1KB = 1,000 Bytes
1MB = 1,000,000 Bytes
1GB = 1,000,000,000 Bytes
1TB = 1,000,000,000,000 Bytes
Data Structure
| Limit Name | Limit | Dynamic Variable Configuration | Availability |
|---|---|---|---|
| Max number of datasources in a repository. |
| ||
|
Max number of fields in an event. During ingest, fields are sorted alphabetically by name and the first fields are parsed, the remainder of the named fields are dropped. The @rawstring field is not modified and will contain all data. |
| ||
|
Max event size. When the configured event size max is reached,
either in @rawstring and/or in other
fields, the overall data will be truncated. Fields will be
removed entirely, and @rawstring will be
truncated down to the allowed max size with added
|
| ||
|
Max CSV lookup file size (see Lookup Files). |
|
Variable default: | |
|
Max JSON lookup file upload size (see Lookup Files). |
|
Variable default: | |
|
Max file upload size (see Lookup Files) |
|
Query Related Limits
| Limit Name | Limit | Dynamic Variable Configuration | Availability |
|---|---|---|---|
|
Max memory a live query can consume during its execution. |
100,000,000 bytes |
Variable default: | |
| Max query length in characters |
| ||
|
Maximum memory usage that the query coordinator node can allocate during the execution of a query. The memory limits for static and live queries will be computed to 1/4 of the memory limit of the query coordinator. The limits of the static query state size and the live query state size are the state sizes on the workers. This value allows cluster operators to effectively control how many concurrent queries are allowed on a system based on the hardware configuration. The lower the value, the more queries any given coordinator can run concurrently, since each query is allowed less of the available memory. The reason this then indirectly controls the memory allowed for each query state is that each coordinator node holds 4 copies of the query state / query result at any given point during the query execution. |
|
Variable default: | |
|
Maximum amount of memory, in bytes, that a worker node can allocate to each historic/static query during its execution. |
|
Variable default: | |
|
Maximum amount of memory, in bytes, a historic/static query can consume during its execution. |
100,000,000 bytes |
Variable default: | |
|
Number of pipes that can be included in a query. |
| ||
|
Max number of results that any query can give. |
|
Variable default: | |
|
Maximum number of events processed in a given function. It is
strongly recommended to not change this limit beyond its current
default value as the consequences of doing so are cluster
instability or cluster crashes. If you experience a lot of query
load, particularly from the |
200,000 rows |
Variable default: | |
|
Maximum amount of memory, in bytes, that a worker node can allocate to each live query during its execution. It cannot be configured directly. |
|
Variable default: |
Function Limits
| Limit Name | Limit | Dynamic Variable Configuration | Availability |
|---|---|---|---|
|
Default number of events set in an RDNS request. See
|
|
Variable default: | |
|
Default value for the |
|
Variable default: | |
|
Max value for the
|
|
Variable default: | |
|
Max number of rows that |
|
Variable default: | |
|
Max number of events in |
|
Variable default: | |
|
Max number of events in an RDNS request. See
|
|
Variable default: | |
|
Memory limit for the mapper phase of a
|
| ||
|
Memory limit for the mapper phase of a
|
|
API Limits
| Limit Name | Limit | Dynamic Variable Configuration | Availability |
|---|---|---|---|
| Limits for GraphQL queries on the total number of selected fields and fragments for authenticated users. |
|
| |
| Limits for GraphQL queries on the total number of selected fields and fragments for unauthenticated users. |
|
Variable default: | |
| Max body size in POST requests after decompression. |
| ||
| Max body size in POST requests before decompression. |
|
Trigger Limits
| Limit Name | Limit | Dynamic Variable Configuration | Availability |
|---|---|---|---|
| Maximum allowed catch up period for aggregate alert. See Aggregate alerts. |
| ||
| Maximum allowed throttle period for aggregate alert. See Throttling. |
| ||
| Maximum allowed time window for aggregate alert. See Aggregate alerts. |
| ||
| Maximum CSV file size in Action Type: Email. |
| ||
| Maximum number of events on which a filter alert with an email action triggers. See Filter alerts. |
| ||
| Maximum number of events on which a filter alert with a non-email action triggers. See Filter alerts. |
| ||
| Maximum frequency a filter alert can trigger. See Filter alerts. |
| ||
| Maximum catch up period for filter alert. See Filter alerts. |
| ||
| Maximum time a filter alert waits for missing data query warnings to disappear. See Filter alerts. |
| ||
| Maximum file size for lookup file in Action Type: Lookup File. |
| ||
| Maximum throttle period for filter alerts and legacy alerts. See Aggregate alerts. |
| ||
| Maximum allowed backfill limit for a scheduled search. See Backfill Limit. |
| ||
| Maximum allowed time window for a scheduled search. See Time window. |
| ||
| Maximum time a scheduled search waits for missing data query warnings to disappear. |
| ||
| Maximum number of values a throttled field can have. See Throttling. |
|
Scheduled Report Limits
| Limit Name | Limit | Dynamic Variable Configuration | Availability |
|---|---|---|---|
| Maximum size of email attachment when sending scheduled report |
| ||
| Number of times per hour a scheduled report can run |
| ||
| Number of scheduled reports per repository or view |
| ||
Maximum number of rows the
Table and
Event List
widgets can output
|
|
Standards
Below are some standards in LogScale.
Character sets
LogScale works with the JVM standard charsets. The character sets below are guaranteed to be supported in future JVM versions.
Note
These are the character sets LogScale accepts in the HTTP request and this may not necessarily be the same character sets accepted by the log shipper, such as Log Collector or another third-party log shipper, when ingesting files. When ingesting files, they are read by a log shipper that then makes HTTP requests to LogScale, and the character set supported by the log shipper is unlikely to have anything to do with what LogScale supports in the HTTP layer.
US-ASCII
ISO-8859-1
UTF-8
UTF-16
UTF-16BE
UTF-16LE
UTF-32
UTF-32BE
UTF-32LE
If you have any questions about whether a character set is accepted or supported, contact LogScale Support Team.