I've been working on some specific automation tasks with ePO web-API and have discovered that there seems to be a limitation or bottleneck that slows it down when asking for a list of thousands of endpoints.
I can successfully get a list of endpoints via command-line with curl.exe, or sending the same web-API command via a browser, but only if the number of endpoints in that group is approximately 500 or less.
Command syntax: curl -k -u username:password "https://server.domain.local:8443/remote/epogroup.findSystems?groupId=3&searchSubgroups=true"
When querying other groups that contain well over 500 endpoints (many thousands) it chokes and doesn't return anything. I've let it sit for over half an hour on a few occasions, but never got a response back from the server, so just hit ctrl-C and used the normal web interface to export a list of endpoints like normal human beings do. Sadly this means I am now unable to automate the export of endpoint names that I can then work on programmatically.
I have an SR open about it and support have confirmed that the behaviour is consistent and happens for them too, however they left it going for 2 or 3 hours and it eventually returns results, but unfortunately with the quite lengthy delay. I've asked whether this is something that can be configured within ePO web-API, and will see what they say about that.
My question is: has anyone been able to get around this apparent limitation with ePO web-API not returning large numbers of endpoints via command-line?
What version of SQL? If MS, the SQL server sometimes has limitations on how much it will provide at one time. AD queries can cause this problem as well.
I don't believe there is a limitation with the SQL configuration - will check up on this though. It works fine when viewing many thousands of endpoints in the system tree, however doesn't respond the same way when using ePO web-API, which to me feels like a config issue with web-API (e.g. some sort of throttling), or some sort of bug with web-API. Still waiting on a response from support about this.
Solution: this was a syntax issue. Got the answer from Intel Security support. Here is the correct syntax to use when querying large amounts of endpoints in a system tree. Note: this is purely using webAPI, not relying on someone's PowerShell module such as "ePowershell" or similar.
Incorrect syntax I was trying: curl -k -u username:password "https://eposerver:8443/remote/epogroup.findSystems?groupid=1&searchSubgroups=true"
Correct syntax provided by Intel Security support: curl -k -u username:password "https://eposerver:8443/remote/epogroup.findSystems?groupid=1&searchSubgroups=true&:output=terse"
The extra bit on the end "&:output=terse" was what made the difference, and allowed the query to complete in a minute or 3, rather than 3 or more HOURS.
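Added example, not part of the thread and not code from any poster or from the vendor: the same `epogroup.findSystems` query with `:output=terse` issued from Python, verifying the server certificate against a CA file instead of using `-k` and bounding the wait with a timeout. Assumptions: the function names, the `ca_file` argument, that a successful reply starts with an `OK:` line, and that the terse payload is one record per line.

```python
import base64
import ssl
import urllib.parse
import urllib.request

# Constructed sample reply (not captured from a real server); layout is assumed.
SAMPLE_OK = "OK:\nHOST-A\nHOST-B\n\n"


def build_url(server, group_id, port=8443):
    """Build the findSystems URL from the thread, including :output=terse."""
    query = urllib.parse.urlencode(
        # "groupid" spelled as in the support-provided command in the thread
        {"groupid": group_id, "searchSubgroups": "true", ":output": "terse"},
        safe=":",  # keep the leading colon of ":output" unescaped
    )
    return f"https://{server}:{port}/remote/epogroup.findSystems?{query}"


def parse_response(body):
    """Return payload lines; raise if the first line is not the assumed 'OK:'."""
    status, _, payload = body.partition("\n")
    if status.strip() != "OK:":
        raise RuntimeError(f"ePO did not return OK: {status.strip()!r}")
    return [line.strip() for line in payload.splitlines() if line.strip()]


def find_systems(server, group_id, user, password, ca_file, timeout=300):
    """Run the query over verified TLS with HTTP basic auth and a hard timeout."""
    ctx = ssl.create_default_context(cafile=ca_file)  # replaces curl's -k
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        build_url(server, group_id),
        headers={"Authorization": f"Basic {token}"},
    )
    # timeout makes a stalled query fail fast instead of hanging for hours
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return parse_response(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # Offline demonstration on the constructed sample only.
    print(build_url("eposerver", 1))
    print(parse_response(SAMPLE_OK))
```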