The users may not see the results they expect in the UI or the system may perform poorly. Reports may be blank or take excessively long times to return 100% of their results.

Release : 8.x

Systems which are over allocated with more traffic than it can successfully capture and index will periodically corrupt internal tables.  This will produce unexpected and inconsistent results.  The immediate problem might be resolvable but this does not always happen.  The exact problem will either come back or it will back in another form. Anything over 3.5Gb/s may be more than the system is capable of capturing and indexing.

Reduce the capture rate or reduce the load introduced by rules which are complex and require extensive resources to complete.