All Apps and Add-ons

After Installing Palo Alto App in Splunk performance is degraded

raomu
Explorer

Hi,

We recently have deployed Palo Alto App in our environment and noticed performance is degraded.

I went to see all the searched running under Job -> activity

and see most of the jobs are executed under System-user and all are related to Palo Alto that too span of every 2 min.

Spunk Environment details :

Spunk Managed cloud service
24 Indexers
2 SH not in cluster mode

Any suggestion why so many jobs are running for Palo Alto ?

Tags (1)
0 Karma

micahkemp
Champion

Can you include the details (name, search) of the jobs you noticed?

0 Karma

raomu
Explorer

user name - Spunk-System-User
search1 says - WildFire Reports - Retrieve Report
search 2 says - Applications - Retrieve New Apps

like this there are many reports and query.

0 Karma

raomu
Explorer

within 3 min this job has triggered twice

WildFire Reports - Retrieve Report

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...