Hello Everyone,
How to handle the spike of incidents observed due to some adhoc activity, any parameter is available to restrict the no.of incidents when exceeds 5MB limit in Incident Utilis: Search Function
Error: An error occurred while processing the action acknowledgment. Additional information: Function result 'results' exceeds the maximum size of 5MB. Finished 'search_incidents' that was running in workflow '964658' Searching ...
Starting 'search_incidents' running in workflow '964658'
Based on the below community link:
https://community.ibm.com/community/user/security/discussion/additional-information-function-result-exceeds-the-maximum-size-of-5-mb
Updated the value to 8MB for testing purpose: sudo resutil configset -key workflow.max_single_prop_mb -ivalue 8
But still the search results are not coming and reverted back the value to default 5MB
Also tried running the search query in in-prodcut scripts using query_builder, getting an error saying results are not returned in 5secs.
Regards,
------------------------------
SOAR Engineer
------------------------------