Tables are not producing expected results in Security Analytics

book

Article ID: 211251

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

The users may not see the results they expect in the UI or the system may perform poorly.

Cause

Systems which are over allocated with more traffic than it can successfully capture and index will periodically corrupt internal tables.  This will produce unexpected and inconsistent results.  The immediate problem might be resolvable but this does not always happen.  The exact problem will either come back or it will back in another form.

Environment

Release : 8.x

Resolution

Reduce the capture rate or reduce the load introduced by rules which are complex and require extensive resources to complete.