Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

any max running time limit of SSIM query?

Created: 04 Aug 2013 | 1 comment

In these days, I found some long time range (ex: monthly) events queries (such as Top 10 Connection accepted Dst IPs) could not finished in several days. Is there any max running time limit of slow SSIM query? Or any suggestion/solution? Thank you for your support!

SSIM version:

Dataset: Fortinet Firewall accepted/rejected connections (EPS: approx. 800)

Time range: monthly or Weekly

Operating Systems:

Comments 1 CommentJump to latest comment

Tariq Naik's picture

Running queries for several days definitely will not help. There are a few things you should look at: -

  1. Is the server sized correctly. When you size the hardware, you should size it for existing expected peak EPS + 3 years EPS growth potential + 30% for querying. It is important to leave room for querying for good query performance.
  2. You can enable a any summarizers related to your queries. This must be done carefully as summarizers have a performance overhead of their own.
  3. You can also work with support or Symantec Services to enable indexing of additional fields that may help your queries. This must be done carefully as this will also have a performance overhead.

Hope this helps.