David Shpritz
David Shpritz
An additional note to this (which I really do recommend doing), is that if you are using an index that is not in your list of default indexes to be...
I feel like the session_id and event_if fields are generally not used and and contribute to the problem. On more than one occasion I have seen instances where the DM...
Sorry, haven't had a good opportunity to look through it. Really, any of the extraneous fields that have high cardinality. I will be at conf. See you there! On Fri,...
This remains an issue. The accelerated data model size for this data tends to be very large, sometimes larger than the source data. I'm afraid I don't have the time...
That feature doesn't do what you think it does. That feature is for dropping the metadata from indexed data to reduce space usage by indexed data, but isn't meant for...
Just some anecdotal evidence, we checked one of our customers' deployment to grab some numbers. They have 30 days of PAN data, which is taking up about 2tb of space...
I think that will help, but the overall problem is the high cardinality of the fields that are included in the data model. I checked out the docker container, but...
Yes, you should. Depending on the infrastructure, things may not show up in wineventlogs. For example, someone brute forcing the admin login. Here are some configs: `props.conf` ``` [pan:system] #...