Limits & Standards

This page lists the various limits and standard operating parameters of LogScale. See Ingest via API Best Practices for the best practices relative to ingest via the Ingest API.

General Limits & Parameters

Below is a list of general limits and parameters of LogScale:

Note

Unless otherwise specified, all multiple-bye data sizes in LogScale are expressed in SI units using decimal (Base 10). For example:

  • 1KB = 1,000 Bytes

  • 1MB = 1,000,000 Bytes

  • 1GB = 1,000,000,000 Bytes

  • 1TB = 1,000,000,000,000 Bytes

Description Default Limit LogScale version
Character set support UTF-16 All
Max number of fields in an event

During ingest, fields are sorted alphabetically by name and the first 1000 fields are parsed, the remainder of the named fields are dropped. Please note that the @rawstring is not modified and will contain all data.

1,000 All
Max event size

When the configured event size max is reached, either in @rawstring and/or in other fields, the overall data will be truncated. Fields will be removed entirely, and @rawstring will be truncated down to the allowed max size with added ... at the end, such that the of all other fields + size of @rawstring is less than the configured max event size. Only @rawstring, @timestamp and @timezone are added when truncation occurs.

1 MB All
Max file upload size (see Lookup Files) 2048 MB All
Max tag-key size (not configurable) (see Tag Fields) 65535 All
Max tag-value size (not configurable) (see Tag Fields) 65535 All
Max query length in characters 66,000 All
Memory limit for the mapper phase of a collect() function running as a top-level function i.e., how much data such a function can store. 10 MiB From v1.79
Memory limit for the mapper phase of a collect() function running in a subquery, or as a subaggregator to another function i.e., how much data such a function can store. 1 MiB From v1.79
Max number of events in tail(), head(), and sort() functions. 20,000 All
Max number of events in an RDNS request, see rdns() function. All
Max number of data sources in a repository 10,000 All
Sets the max number of rows that join() and selfJoin() can return. 200,000 All
Default value for the limit parameter in groupBy(), selfJoin() and some other functions, when not specified. 20,000 All
Max value for the limit parameter in the groupBy() function. 1,000,000 All (200,000 up until version 1.126)
Max number of results that any query can give. 100,000 or the value of StateRowLimit, whichever is largest All
Max memory, in bytes, a historic/static query can consume during its execution. 100,000,000 bytes (100MB) Up to v. 1.115
Maximum amount of memory, in bytes, that a worker node can allocate to each historic/static query during its execution. 100,000,000 bytes (100MB) From v. 1.116
Max memory a live query can consume during its execution. 100,000,000 bytes (100MB) Up to v. 1.115
Maximum amount of memory, in bytes, that a worker node can allocate to each live query during its execution. It cannot be configured directly. 100,000,000 bytes (100MB) From v. 1.116
Maximum memory usage that the query coordinator node can allocate during the execution of a query. The memory limits for static and live queries will be computed to 1/4 of the memory limit of the query coordinator. 4,000,000,000 bytes (4GB) From v.1.116
Max body size in POST requests after decompression. 32M bytes  
Max body size in POST requests before decompression. 32M bytes  
Limits for GraphQL queries on the total number of selected fields and fragments. 1000 for authenticated and 150 for unauthenticated users. From v1.121