At first install, all searches were quite fast.
After about 1 week of data, the search results started slowing down.
Which prompts me to ask, are there scalability studies and/or optimization pointers that we need to do?
For example, my "Last 5 minute" report on the following command takes over 20 minutes to complete:
index="syslog" node="firewall" | top src_ip
(time period is set to 15 minutes)
I'd welcome any thoughts or ideas on what could be wrong here.
My server cpu is below 10%, my memory utilization is below 40%
disk queue length is less than 2