FortiSIEM Discussions
KT06
New Contributor

Ques on MAX QUERY LIMIT REACHED and Asset connectivity dashboard

1. Asset Connectivity Dashboard:

I want to build a dashboard in FortiSIEM to monitor the connectivity status of all assets: firewalls (syslog), Windows agents, and Linux servers (syslog). I need help with the right analytical filters or logic to show whether these devices are actively sending logs or not. Please suggest any specific steps or best practices to set this up.

2. Query Max Limit Reached:

I keep getting the “Query Max Limit Reached” error; many dashboard and default queries stay in the running or waiting state, blocking new analytics queries. Can someone explain why this happens and how to manage or stop these background queries? I need steps or recommendations to prevent it from recurring.

 

Version 7.2.5
#Fortisiem

 

Regards,

@kt

Lukas_Scholz
New Contributor II

Hey KT,

You might want to have a look at Solved: FortiSIEM // Incident generation for offline Devic... - Fortinet Community 
You might be able to use queries from there to check for devices sending or not sending logs.

Otherwise you could build a detection on PH_DEV_MON_LOG_DEVICE_DELAY_HIGH, which will trigger once a device oversteps the high delay threshold. The threshold can be set via CMDB attributes per device, or in ADMIN -> DEVICE SUPPORT -> Custom properties (as a default value for all devices in the CMDB).

The incidents can then be queried to see potentially offline devices. You can then use the lookup tables to filter the offline devices out and show all online devices. For that, the lookup table can be automatically updated with the newest CMDB devices as needed.

I hope this helps you.

Best Regards,
Lukas

L. Scholz
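To make the logic in the reply above concrete, here is an added Python example (not from the original thread, and not FortiSIEM rule syntax or a reproduction of what PH_DEV_MON_LOG_DEVICE_DELAY_HIGH measures internally). It implements the generic version of that approach: the time since each CMDB device's last received event is compared against a per-device threshold that falls back to a global default, the devices over threshold form the "offline" lookup set, and the online list is the CMDB inventory with that set filtered out. All hostnames, thresholds, timestamps and the evaluation time are constructed sample data. One caveat the example handles explicitly: a device that has never sent anything cannot be caught by a per-event delay rule, so the silent device is reported separately with no delay value.

```python
from datetime import datetime, timezone

# Global default for the "high log delay" threshold, in seconds. Assumed value;
# in the reply this corresponds to the Custom properties default.
DEFAULT_DELAY_HIGH_SEC = 600

# Constructed CMDB-style inventory (hypothetical hostnames). A per-device value
# overrides the default; None means "use the global default".
CMDB_DEVICES = {
    "fw-edge-01": {"type": "firewall", "delay_high_sec": None},
    "fw-dmz-02": {"type": "firewall", "delay_high_sec": 300},
    "win-dc-01": {"type": "windows_agent", "delay_high_sec": None},
    "lnx-web-01": {"type": "linux_syslog", "delay_high_sec": 1800},
    "lnx-db-01": {"type": "linux_syslog", "delay_high_sec": None},
}

# Constructed "event received" records: (reporting device, receive time, UTC).
# lnx-db-01 deliberately has no records at all; rogue-host is not in the CMDB.
SAMPLE_EVENTS = [
    ("fw-edge-01", "2024-05-01T12:10:00Z"),
    ("fw-edge-01", "2024-05-01T12:28:40Z"),
    ("fw-dmz-02", "2024-05-01T12:22:00Z"),
    ("win-dc-01", "2024-05-01T12:29:30Z"),
    ("lnx-web-01", "2024-05-01T12:05:00Z"),
    ("rogue-host", "2024-05-01T12:29:00Z"),
]

# Constructed evaluation time for the sample data.
NOW = "2024-05-01T12:30:00Z"


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def threshold_for(device, cmdb=CMDB_DEVICES, default=DEFAULT_DELAY_HIGH_SEC):
    """Per-device threshold if one is set, otherwise the global default."""
    value = cmdb[device]["delay_high_sec"]
    return default if value is None else value


def last_seen(events):
    """Most recent receive time per reporting device."""
    seen = {}
    for device, ts in events:
        t = parse_ts(ts)
        if device not in seen or t > seen[device]:
            seen[device] = t
    return seen


def find_offline(cmdb=CMDB_DEVICES, events=SAMPLE_EVENTS, now=NOW,
                 default=DEFAULT_DELAY_HIGH_SEC):
    """Devices whose log delay exceeds their threshold (the 'incident' set).

    Only CMDB devices are evaluated, so senders unknown to the CMDB are ignored.
    A device with no events at all is reported with delay_sec None, because a
    per-event delay rule never fires for a host that stays silent.
    """
    now_dt = parse_ts(now)
    seen = last_seen(events)
    offline = {}
    for device in cmdb:
        threshold = threshold_for(device, cmdb, default)
        if device not in seen:
            offline[device] = {"delay_sec": None, "threshold_sec": threshold}
            continue
        delay = int((now_dt - seen[device]).total_seconds())
        if delay > threshold:
            offline[device] = {"delay_sec": delay, "threshold_sec": threshold}
    return offline


def online_devices(cmdb=CMDB_DEVICES, offline=None):
    """CMDB inventory minus the offline lookup set, sorted for display."""
    if offline is None:
        offline = find_offline(cmdb)
    return sorted(d for d in cmdb if d not in offline)


if __name__ == "__main__":
    off = find_offline()
    for device, info in sorted(off.items()):
        print(f"OFFLINE {device}: delay={info['delay_sec']} threshold={info['threshold_sec']}")
    print("ONLINE:", ", ".join(online_devices(offline=off)))
```

With the sample data, fw-dmz-02 is flagged because its 480 s delay exceeds its per-device 300 s threshold even though it is under the 600 s default, and lnx-db-01 is flagged as never seen; the other three CMDB devices come out as online. When building the real dashboard from incidents, that second case is the one to watch: a device that stops sending before the rule is ever deployed, or a new CMDB entry that has not yet logged, produces no delay event to alert on, so the lookup-table refresh from the CMDB has to treat "no incident" and "no events" differently.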