Article Content
Article Number | 000026984 |
Applies To | RSA Product Set: NetWitness Logs & Network RSA Product/Service Type: NetWitness Server, NetWitness Archiver, NetWitness Broker, NetWitness Concentrator, NetWitness Reporting Engine RSA Version/Condition: 10.6.x, 11.x Platform: CentOS |
Issue | How to optimize lookup_and_add queries in RSA NetWitness Reporting Engine? |
Resolution | When using the RSA NetWitness Reporting Engine lookup_and_add queries, this can result in a vast number of subqueries being generated to complete the task. Because of this, running these queries can be very performance-intensive and take a long time to complete. The recommendations below may be used to modify the queries to improve their efficiency.
Modify the maximum pending queries on Services.
Change the lookup_and_add queries configuration on the Reporting Engine Service.
Change the query level for those NetWitness logins who are executing the lookup_and_add queries.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance. |
Notes | Additional references to the lookup_and_add queries configuration are discussed in the Reporting User Guide |
Legacy Article ID | a66602 |