This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 33%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hi Community,
Using the Graph Security API, I submitted 1.9 million unique network ip indicators to my Sentinel workspace with concurrent threads. I verified the count via responses from the API. However, the sentinel only shows the ingestion of roughly 1.2 million unique indicators after much delay.
What happen to the rest? Did api drop them somehow? If it did, wouldn't the response tell me so?
Is there a limit on ingestion that I've not noticed?
Much appreciate any help!
@SentinelNoob
Thank you for your post! To better help answer your questions, would you be able to share the specific GraphAPI call that you used when submitting 1.9 million unique network IP indicators?
Any additional information such as what API you used to count the responses would be greatly appreciated.
Thank you for your time and patience throughout this issue.
Yes, the api urls is https://graph.microsoft.com/beta/security/tiindicators/submitTiIndicators
When the call to the api is successful, it returns with the same data that was submitted. I logged the response and count the number of indicates in the response.
As you're getting good amount of data, i am not sure you tried the pagination (check the constraints section & workaround) ?