Hi is there any way of restrict a search query in resource limit. so not u overload the query to ES or in Graylog. som buffer settings or processer settings
You can limit user queries in System - Configurations - in section Search Configuration .
For example you can completely remote “ Search in all messages ” or change it to limit to 30 days for example, changing value from PT0S to P30D . Or you can add your own timeranges of you want.
https://docs.graylog.org/en/4.0/pages/searching/configuration.html#query-time-range-limit
yes sorry i was not clear enough 
but i want to restrict in more the speed of query and limit it in resources not in days/time
like set prio of the query so when someone do a search it will take longer time. this is due to we have one system that get almost 5TB per day of logs… and building a Webui to query with rest api to graylog.
I don’t think so, that it’s possible by graylog.
hmm i guess this will be the option the in ES
batched_reduce_size, this can limit
The number of shard results that should be reduced at once on the coordinating node. This value should be used as a protection mechanism to reduce the memory overhead per search request if the potential number of shards in the request can be large.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.