Slow Performance of an Aging Widget Based on Analyzer Widget Searches
Article ID: 184787
Updated On:
Products
Information Centric Analytics
Data Loss Prevention Core Package
Issue/Introduction
Slow performance of an Aging widget that contains several Rollups based on Analyzer widget searches. One particular Analyzer search contained a large number of .MIL and .GOV domains.
N/A
Cause
Due to the high number of data elements included in the Analyzer view, this impacts how quickly the query is processing.
Resolution
With the high number of data elements included in the Analyzer query, it was decided that it was best to create an Event Scenario Set, then use that set as a rollup. This optimizes the execution of the query, and the resulting set can be filtered further for remediations.
Follow these steps to create an Event Scenario Set that will be used as a Rollup.
1. In Analyzer, create your search view.
2. Right click on the Total value, select “Create Saved Search”
3. Give the saved search a name, and make the search “Event Scenario Set.”
4. In the Admin section, create an Event Scenario.
5. In the event scenario, specify the rollup category, in the Event Scenario Set, select the event scenario created in step 3. Save the Scenario.
6. In the Data in Motion Event page, click on New Search.
7. In the “Included in Scenario” dropdown, select the Event Scenario created in Step 5.
8. Add additional filtering, like status, severity, and other values necessary.
9. Click Search. At the top of the page, save the search as a Rollup. NOTE: Until the Processing Job runs, the result set will return empty. Once the Processing Job completes, a data set will return.
10. Modify the Data in Motion dashboard to add the new rollup. Click Save.
Follow these steps to create an Event Scenario Set that will be used as a Rollup.
1. In Analyzer, create your search view.
2. Right click on the Total value, select “Create Saved Search”
3. Give the saved search a name, and make the search “Event Scenario Set.”
4. In the Admin section, create an Event Scenario.
5. In the event scenario, specify the rollup category, in the Event Scenario Set, select the event scenario created in step 3. Save the Scenario.
6. In the Data in Motion Event page, click on New Search.
7. In the “Included in Scenario” dropdown, select the Event Scenario created in Step 5.
8. Add additional filtering, like status, severity, and other values necessary.
9. Click Search. At the top of the page, save the search as a Rollup. NOTE: Until the Processing Job runs, the result set will return empty. Once the Processing Job completes, a data set will return.
10. Modify the Data in Motion dashboard to add the new rollup. Click Save.
Feedback
Yes
No
Powered by
