Hi, I did everything in that post and I couldn't extend the lifetime. I just entered in the Indexer and extended the job lifetime manually in "Job settings". It is enough to me but If you know another way more automatically I would appreciate it.

modify expiration field value from "after 24 hours" to some realistic value for your savedsearch/report.

Hello @sbbadri. Could you be a bit more specific? I did not understand what you meant. I appreciated your help.

I retake this topic because I have more time to learn more about this.

Thank you everybody 😄

If you refer to the limits.conf documentation and the alert_actions.conf they both have TTL settings that you can change.

However if you want to export large amounts of data why not use the CLI?

curl -k -u admin:changeme https://localhost:8089/services/search/jobs/export -d search="search index=_internal earliest=-2s" -d output_mode=csv > ....(or similar)

I find the CLI interface much more efficient for large exports, the above will dump the data directly into a file...(which is probably what you are trying to do)

Hi garethatiag, I exported the data via CLI but I always had the problem with jobs expiration because time is too short. My solved was editing the job settings manually and extend the lifetime, it was ok at the moment I needed but If I want something more automatically it's not the best choice.

I changed the TTL in those files and I did not get what I wanted, when I used the CLI the job time expiration was too short. I used to export 200GB of data.