CrowdStrike / psfalcon

PowerShell for CrowdStrike's OAuth2 APIs
The Unlicense

{"code":400,"message":"offset 10000 and limit 100 are invalid; offset + limit must be less than or equal to 10000"} #394

Closed brushenas closed 5 months ago

brushenas commented 5 months ago

Describe the bug

The following code is meant to retrieve a large number of accounts (more than 20K accounts), but the function fails after 10,000. I am not sure whether I am using the Limit and Offset parameters properly, but if it is wrong I would appreciate it if you could provide a sample.

To Reproduce

```powershell
function LoadCrowdStrikeAccounts {
    param([string]$filter)
    [int]$offset = 0
    [int]$limit = 100
    $accounts = @()   # start with an empty array
    do {
        # Request one page of detailed account results
        $accts = Get-FalconAsset -Account -Filter $filter -Limit $limit -Offset $offset -Detailed
        $offset += $limit
        $accounts += $accts
    } while ($accts.count)   # stop when a page comes back empty
    return $accounts
}

$crowdUsers = LoadCrowdStrikeAccounts -filter "username:!null"
```

```
Write-Result: C:\Users\BRUSHENAS\Documents\PowerShell\Modules\PSFalcon\2.2.6\private\Private.ps1:663:9
Line |
 663 |  Write-Result $Object
     |  ~~~~
     | {"code":400,"message":"offset 10000 and limit 100 are invalid; offset + limit must be less than or equal to 10000"}
```

Expected behavior

I am expecting it to return the total number of accounts, which is more than 20,000.

bk-cs commented 5 months ago

This is normal and expected behavior; the majority of the CrowdStrike APIs won't return more than 10,000 results--they're designed to return the results of a filtered search, not "all data". -All is provided in a "best effort" fashion to return whatever the API will allow you to retrieve through pagination.

In general, it's best to try different filter values until you have a total result set of less than 10,000, breaking the results into groups using timestamps, names, etc.

Here's an example script that will break "applications" up into smaller groups when using the Falcon Discover APIs: https://github.com/CrowdStrike/psfalcon/blob/dev/samples/discover/retrieve_hosts_and_their_applications.ps1
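
The partitioning approach described in the comment above, as an added example that is not part of the thread and not PSFalcon code: it pages each filter separately, keeps `offset + limit` within the 10,000 window from the error message, and flags any filter that still fills the window. `Get-PartitionedResult`, `$Query` and the `group-*` filters are hypothetical names, and the API is replaced by a constructed offline stand-in.

```powershell
# Added example. Get-PartitionedResult, $Query and the 'group-*' filters are hypothetical names.
function Get-PartitionedResult {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Filter,     # one filter per partition
        [Parameter(Mandatory)] [scriptblock] $Query,   # invoked as: & $Query <filter> <limit> <offset>
        [ValidateRange(1, 10000)] [int] $Limit = 100
    )
    $maxWindow = 10000   # from the API error: offset + limit must be <= 10000
    foreach ($f in $Filter) {
        $offset = 0
        $exhausted = $false
        while (-not $exhausted -and $offset -lt $maxWindow) {
            # Shrink the final page so offset + limit never exceeds the window.
            $take = [Math]::Min($Limit, $maxWindow - $offset)
            $page = @(& $Query $f $take $offset)
            $page                                   # stream results to the caller
            $offset += $page.Count
            # A short (or empty) page means this partition has been read in full.
            $exhausted = $page.Count -lt $take
        }
        if (-not $exhausted) {
            # The window filled up, so more matches may exist that paging cannot reach.
            Write-Warning "Filter [$f] reached $maxWindow results; split it into narrower filters."
        }
    }
}

# Constructed stand-in for the API so the example runs offline: 'group-b' exceeds the cap.
$data = @{ 'group-a' = 1..9500; 'group-b' = 1..11000 }
$mock = {
    param($f, $limit, $offset)
    if ($offset + $limit -gt 10000) { throw 'offset + limit must be less than or equal to 10000' }
    $data[$f] | Select-Object -Skip $offset -First $limit
}
$all = Get-PartitionedResult -Filter 'group-a', 'group-b' -Query $mock -WarningVariable warn
'{0} results retrieved, {1} partition(s) need splitting' -f @($all).Count, $warn.Count

# Against PSFalcon, $Query would wrap the call from the issue, for example:
# { param($f, $limit, $offset) Get-FalconAsset -Account -Filter $f -Limit $limit -Offset $offset -Detailed }
```

A warning for a filter means its result set is incomplete, so that filter should be replaced by narrower ones before the data is relied on.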

brushenas commented 5 months ago

I have seen another CrowdStrike Git repository where they are able to return all data by leveraging the metadata, as explained in the following link. Is it something that can be leveraged for this PS module?

https://github.com/CrowdStrike/falconpy/discussions/536

bk-cs commented 5 months ago

That's a difference in the APIs. Get-FalconHost, which calls the API referenced in that Python issue (GET /devices/queries/devices-scroll/v1), will return all results when used with -All. It is one of the few that will return all results without a limit.

PSFalcon's -All will return all results when the API allows. If the API doesn't allow it, you're going to get an error at 10,000 results. This is also mentioned in the documentation for the All parameter: https://github.com/CrowdStrike/psfalcon/wiki/Importing,-Syntax-and-Output#all