Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Security

Join our 16,000+ members as we work together to
overcome the toughest challenges of cybersecurity.

Start collaborating

Save the Date! watsonx Hackathon - Pre-TechXchange Conference Event

Skip main navigation (Press Enter).

IBM Security QRadar SOAR

View Only

Expand all | Collapse all

Incident Utilis: Search -- Function result exceeds the maximum size of 5 MB.

1. Incident Utilis: Search -- Function result exceeds the maximum size of 5 MB.

0 Like
SOAR Engineer
Posted Mon November 27, 2023 01:05 PM
Edited by SOAR Engineer Mon November 27, 2023 01:06 PM

Reply
Hello Everyone,

How to handle the spike of incidents observed due to some adhoc activity, any parameter is available to restrict the no.of incidents when exceeds 5MB limit in Incident Utilis: Search Function

Error: An error occurred while processing the action acknowledgment. Additional information: Function result 'results' exceeds the maximum size of 5MB. Finished 'search_incidents' that was running in workflow '964658' Searching ...

Starting 'search_incidents' running in workflow '964658'

Based on the below community link:

https://community.ibm.com/community/user/security/discussion/additional-information-function-result-exceeds-the-maximum-size-of-5-mb

Updated the value to 8MB for testing purpose: sudo resutil configset -key workflow.max_single_prop_mb -ivalue 8

But still the search results are not coming and reverted back the value to default 5MB

Also tried running the search query in in-prodcut scripts using query_builder, getting an error saying results are not returned in 5secs.

Regards,

------------------------------
SOAR Engineer
------------------------------

Powered by Higher Logic