Transforms accept limited results, but sometimes I want to do a query against a
really large set of data, then do a groupby and send it to a transform and see
the results...without having to wait for the query to batch and then see the
saved results. For example, a query like the following:
'class=BRO_CONN +srcip=10.x.x.x limit=10000 groupby:dstip | whois | sum(descr)'
Allows me to see all of the orgs a particular internap IP has been talking to.
If I do a limit value of above 10k, the query batches. If I don't specify a
limit result at all, I don't get all the results I'm looking for. And if I
specify limit=0 (which is what I really want to do), the job batches.
A query like this (with limit=0) against indexed data for a reasonable
timeframe doesn't take very long to complete at all, so it would be awesome if
I could specify a query parameter which forced the query not to batch and
execute right then and there, kinda like archive=1.
Original issue reported on code.google.com by jeffrey....@gmail.com on 31 Aug 2012 at 3:06