I ended up disabling and un-accelerating un-needed saved searches (76 of them). In a local instance of savedsearches.conf:
/opt/splunk/etc/deployment-apps/Splunk_CiscoSecuritySuite/local/savedsearches.conf
[Cisco WSA - Web Request Metrics - Users with Multiple UAs]
disabled = 1
auto_summarize = 0
.
.
.
[Cisco IPS - GC - Top Attackers]
disabled = 1
auto_summarize = 0
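Added example, not part of the original post: with dozens of searches to switch off, the local stanzas can be generated from the app's default savedsearches.conf instead of typed by hand, which also flags names that do not match any stanza. The sample conf text, the third stanza name, the search strings and the helper names `parse_conf`, `is_true` and `build_overrides` are assumptions made for illustration; only `1`/`true` are treated as true here.

```python
import re

# Constructed sample of an app's default/savedsearches.conf (not the real file;
# the third stanza name and all search strings are made up for illustration).
SAMPLE_DEFAULT = """\
[Cisco WSA - Web Request Metrics - Users with Multiple UAs]
auto_summarize = 1
search = index=example_wsa | stats dc(http_user_agent) by user
[Cisco IPS - GC - Top Attackers]
auto_summarize = 1
search = index=example_ips | top src
[Example - Search To Keep]
search = index=example | stats count by host \\
    | where count = 5
"""

def parse_conf(text):
    """Return {stanza: {key: value}}; continuation lines are not parsed as keys."""
    stanzas, current, cont = {}, None, False
    for line in text.splitlines():
        stripped = line.strip()
        if cont or not stripped or stripped.startswith("#"):
            cont = cont and stripped.endswith("\\")  # still inside a continued value?
            continue
        if (m := re.match(r"^\[(.+)\]$", stripped)):
            current = stanzas.setdefault(m.group(1), {})
        elif current is not None and "=" in stripped:
            key, _, value = stripped.partition("=")
            current[key.strip()] = value.strip()
            cont = stripped.endswith("\\")
    return stanzas

def is_true(value):
    return value.strip().lower() in ("1", "true")

def build_overrides(default_text, local_text, unneeded):
    """Return (text for local/savedsearches.conf, names not found in default)."""
    default, local = parse_conf(default_text), parse_conf(local_text)
    out, missing = [], []
    for name in unneeded:
        if name not in default:
            missing.append(name)  # typo, or search renamed by an app upgrade
            continue
        merged = {**default[name], **local.get(name, {})}  # local overrides default
        active = not is_true(merged.get("disabled", "0"))
        accelerated = is_true(merged.get("auto_summarize", "0"))
        if active or accelerated:  # skip searches already switched off
            out.append(f"[{name}]\ndisabled = 1\nauto_summarize = 0\n")
    return "\n".join(out), missing
```

Review the returned `missing` list before deploying: a name that matches no default stanza would otherwise create a new, empty saved search entry instead of disabling an existing one.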