PaloAltoNetworks / SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->
https://gitlab.com/panw-gse/as/SafeNetworking/
Apache License 2.0

Shard errors due to too many indexes searched per visualization #35

Closed by punisherVX 5 years ago

punisherVX commented 5 years ago

Continuous shard exceptions in Kibana when process-intensive visualizations are used in Dashboards. This is due to the amount of data across indexes.

punisherVX commented 5 years ago

Changing logstash logging from daily timestamped indexes to monthly.

punisherVX commented 5 years ago

Fixed in v3.4

Reduced number of threat-* indexes. Threat indexes are now done by month, rather than day. New format is threat-.

Examples

- Sep 2018 is threat-2018.09
- Oct 2018 is threat-2018.10

This is controlled by the logstash pan-sfn.conf file in the Output stanza.
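An illustration of the kind of Output stanza change described in the comment above. This is an added example, not the project's actual pan-sfn.conf; the `hosts` value is an assumption, and the daily pattern shown as "before" is inferred from the "daily timestamped indexes" wording in the thread.

```logstash
output {
  elasticsearch {
    # Assumed Elasticsearch endpoint for this example.
    hosts => ["localhost:9200"]

    # Before (daily indexes): one new index per day, so a Kibana
    # visualization on the threat-* pattern spanning a year has to
    # query roughly 365 indexes, each with its own shards.
    # index => "threat-%{+YYYY.MM.dd}"

    # After (monthly indexes): the same year is covered by 12 indexes,
    # e.g. threat-2018.09 and threat-2018.10, which cuts the number of
    # shards each search fans out to.
    index => "threat-%{+YYYY.MM}"
  }
}
```

Documents already written to daily indexes stay where they are after this change; only new events land in the monthly indexes.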