This article describes on handling query rejection due to max limit when exporting a report in FortiSIEM GUI.
FortiSIEM 7.2.0.
The message 'Query Rejected: Max query limit reached' would be displayed if a report is reaching its limits:
The purpose of the reports is not to export huge events, however, it should be used to get some meaningful information out of those events using queries used in Analytics or reports. For this reason, limitation are there by design on export result to avoid the performance impact on FortiSIEM.
There is no workaround to increase these limits. It would be necessary to optimize the query with more filters and reduce the number of events generated.
If limit has not been met and still face this issue, then do check the below:
su admin
phtools --stop phQueryMaster
phtools --stop phQueryWorker
Wait a few seconds to see phQuery processes down with phstatus command and then start.
phtools --start phQueryMaster
phtools --start phQueryWorker
This could also be due to browser cache, test this in private window of chrome/firefox browser.
If still suspecting some issues, then feel free to open a ticket with Fortinet support.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.