I am curious what everyones settings are at? I know it is different per company.
I am running a log hybrid and packet hybrid setup, but I am unsure what good values for settings like Database Open Files are, I assume this will increase performance.
do you have any performance issue?
I have been doing some testing today.
I have noticed that if I am running a report the investigator module seems to take a very long time to load.
When I look at the logs, it appears that the queries to return meta are sitting queued until the report finishes the initial query.
do you mean the query queued? can you check SDK-stats, is there any query queued?
With in the logs? Or is their a GUI section?
explore - SDK - stats. you can find the activate queries or the queues.
It appears that a ton queue and some of my reports have more intensive operations. I suspect this might be my issue. My config for this seems very low, a machine as powerful as SA should be able to handle more than the screenshot below. Is the size of my cache/max concurrent queries really low?
you broker connected to how many concentrators? you can try to increase the maximum.current.queries so less will be queued.
Another thing is schedule your reports to night time so it won't affect your investigations.
Retrieving data ...