Hi,
I am trying to export (Stream) huge search results by using the REST API directly in python. For 1 minute of data, I get about 600,000 events. For 10 minutes I am able to get the data, but when I increase the time for more than 10 minutes, the search auto finalizes. (I see in the Jobs page that my search is not available in the UI, but the dispatch status is "finalizing")
My export search is something like:
index=somename sourcetype=somename earliest=-20m | table _indextime, _raw
Is there any setting that restricts even the export api from streaming all results?
... View more