F5 for Security - Slow to load BIG-IP Hostname, an...

MasterOogway · ‎11-18-2011

Has anyone else experienced a deathly slow loading of the "BIG-IP Hostname" dropdown, or any other dropdown fields in the new "Splunk for F5 Security" App? We can search the data in normal display speeds, but once we move into the App and go do any of the ASM drop downs each field takes upwards of 5 minutes to load.
The "asm_log" has been set correctly in the inputs.conf...which is really the only requirement to have this App run correctly from the Index server side. The F5 is pushing data correctly because we can test that in a normal search.

Running v4.1.4
(2) Quad-Core processors; 48Gb Mem; (2) 146Gb SAS 10k HDD's; NAS storage for install & indexing.

On all previous installations over nine other environments, we have NEVER had an issue running on NAS as it is tuned to the "T's" for our Oracle installations.

Thoughts? Ideas? Anyone else experiencing this?

wagnerbianchi · ‎05-04-2013

I've got the same scenario on our tests with this app. We've implemented this app storing data upon a storage with 800 I/O per sec, moved to a SSD storage and now, we've ran upon a blade. On all scenarios we've observed the read operation too slow, after reaching 5GB of indexed data. Besides to it, we've looked for help to adjust configuration related to the app fields - the only field extration problem we've got this time is with field attack_type. Could you let me know if you've got problems with that mentioned field?

I am looking forward to hearing from you, tks!

F5 for Security - Slow to load BIG-IP Hostname, and other dropdowns

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!