|Applies To||RSA Product Set: NetWitness Logs & Network|
RSA Product/Service Type: NetWitness Server, NetWitness Archiver, NetWitness Broker, NetWitness Concentrator, NetWitness Reporting Engine
RSA Version/Condition: 10.6.x, 11.x
|Issue||How to optimize lookup_and_add queries in RSA NetWitness Reporting Engine?|
When using the RSA NetWitness Reporting Engine lookup_and_add queries, this can result in a vast number of subqueries being generated to complete the task. Because of this, running these queries can be very performance-intensive and take a long time to complete.
The recommendations below may be used to modify the queries to improve their efficiency.
Modify the maximum pending queries on Services.
Change the lookup_and_add queries configuration on the Reporting Engine Service.
Change the query level for those NetWitness logins who are executing the lookup_and_add queries.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
|Notes||Additional references to the lookup_and_add queries configuration are discussed in the Reporting User Guide|
|Legacy Article ID||a66602|