Data Loss Prevention

 View Only

  • 1.  Incident View taking excessive time

    Posted Feb 22, 2018 02:39 PM

    We just completed the upgrade to DLP version 15.0.01.  SInce the upgrade completed, it takes anywhere from 4 to 8 minutes to call up the incident detail.  I can see a report very quickly and filter and sort the incidents without any delays but will see the long delay if I try to look at a single incident.  It is very consistent in doing (which obviously makes the system unusable for that purpose).  Any ideas on why a process that would usually respond within seconds is now taking multiple minutes?



  • 2.  RE: Incident View taking excessive time

    Trusted Advisor
    Posted Feb 23, 2018 09:51 PM

    JDW7,

    I assume this is happening on ALL incident views, if its a few of them, it might be something else with the incidnet.

    If its' all of them.There can be a lot of reasons for this.

    1. The DB Is large and there are to many incidents in the system - Make sure to purge the OLD incidents that you do not need (anything over 500K is too many unless you spec the DB\Enforce properly
    2. The DB or Enforce is under some serious load and there is not enough CPU/Memory - What are the current DB specs? VM (shared?) or Physical
    3. I would check the DB stats - GO to the DB section under system and then run the stats and see the timing for some of the calls.
    4. You can also have a DBA check what is happneing when you click on the Incidnet to see where the bottle neck is.

    V15 did hav some different minimum specs in comparison to V12.. so make sure the specs are up to date.

    If non of this works.. log a case with SYMC and ther DBA can run some checks.

    Good Luck,

    Ronak

    PLEASE MARKED SOLVED



  • 3.  RE: Incident View taking excessive time

    Posted Feb 24, 2018 01:48 PM

    If this is after upgaradation issue then seems something missing between DB and Enforce. Check compatbility and configuration



  • 4.  RE: Incident View taking excessive time

    Posted Feb 26, 2018 11:50 AM

    Ronak, thanks for the reply.  We do have a large database with well over 1 million active incidents (although that hasn't significantly changed since the v14 instance).  The database is on a dedicated, physical server with 2 CPUs/6 cores and 32 GB of RAM with a Linux RHEL 6.7 OS (again, no change since v14).  Everything else seems to be running very quickly with no issues.  The only issue seems to be viewing incident detail and that is an issue for all incidents.

    I have logged a case with Symantec and will see what they have to say.  It may be related to the 2600 incidents that got hung up in the system during the upgrade and cannot seem to be processed.