CPUs seem very busy in Security Analytics
search cancel

CPUs seem very busy in Security Analytics

book

Article ID: 244560

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

The CPUs may appear to be very busy.  There may be one or two or many cpus which are very busy.  Some may be 100% busy at all times. The system has some CPUs which are dedicated to processes.  Complex reports or extractions will use multiple CPUs.  Reports and extractions with wide timespans may require one or more CPUs for extended periods of time.

Resolution

  • One CPU core is dedicated to each capture port which has packet capture enabled.  A CPU will show as 100% busy for each port enabled.
  • Each report will require a CPU while it is running.  Some views under Analyze -> Summary have many reports and therefore when that view is accessed, there will be many CPUs allocated.
  • The wider the timespan for a report the more data which must be scanned.  This extends the amount of time the CPU is busy.
  • The more the report fields you have, the more CPUs required.

Each criteria specified will cause a search to determine if there is a match.  If there are three search criteria, there will be three searches.  Each search will extend the amount of time that a report will run and the amount of time a CPU is consumed.  Try to reduce the number of criteria to what is needed or expect more CPU time required to complete a report.