All Apps and Add-ons

After Installing Palo Alto App in Splunk performance is degraded

raomu
Explorer

Hi,

We recently have deployed Palo Alto App in our environment and noticed performance is degraded.

I went to see all the searched running under Job -> activity

and see most of the jobs are executed under System-user and all are related to Palo Alto that too span of every 2 min.

Spunk Environment details :

Spunk Managed cloud service
24 Indexers
2 SH not in cluster mode

Any suggestion why so many jobs are running for Palo Alto ?

Tags (1)
0 Karma

micahkemp
Champion

Can you include the details (name, search) of the jobs you noticed?

0 Karma

raomu
Explorer

user name - Spunk-System-User
search1 says - WildFire Reports - Retrieve Report
search 2 says - Applications - Retrieve New Apps

like this there are many reports and query.

0 Karma

raomu
Explorer

within 3 min this job has triggered twice

WildFire Reports - Retrieve Report

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...