Log Search is killing my browser

Hi There,

Do any of you have lags/sluggishness while editing the search query?
The lag is getting worse with increasing the time range of the search.
I know it's not that, but it would have the same result if all the logs were being downloaded and filtered client side…

Any clues what is going on?

EDIT: Might be the auto syntax checker of the query terms? How can this be turned off?

PS: Tried with different browsers and machines to no avail.

Cheers!


Hi Nikolay,

I have had a few customers bring up this issue in the past, and the issue is normally resolved if you select the “Log Display” dropdown (while in log search) and make sure “No Key Highlighting” is selected.

Hey @nikolay_paskov,

As @sam_ozinga stated, this can be helped by checking the option of “No key highlighting” from the log display drop-down menu in the log search window.

A few side effects of checking that option are as follows:

  1. It only works for Entries mode (doesn’t do anything on table or visualizations)
  2. It disables any of the Manage Key options you can use for hiding unnecessary keywords
  3. It changes the way that you can hold and drag strings from the log search results so you can incorporate the actual keyword now instead of only being able to go after the value

Wait, what?!
Does InsightIDR want to kill my browser by design, or is my laptop just too weak to handle the might of this solution?
Looks like I’m going to open a ticket with support just to be sure.

LOL, it’s definitely not trying to kill the browser by design. Depending on the amount of logs you are attempting to search or how extensive your query is, with the keywords being highlighted, IDR needs to go through each log and highlight them, which explains the lag; disabling key highlighting helps alleviate this. You still have full functionality of using the keywords in your where statement, groupby, calculate, etc., so nothing changes from a query perspective with key highlighting turned off. I actually have it removed whenever I’m doing queries myself. If the problem persists, I would definitely recommend opening a case with support to ensure nothing else is going on.

That should save me an hour or so a day!

I’m sure it never used to be this slow. Is it a case of it slowing down as the amount of data increases?

Hey @chris_page,

So yes, there are multiple factors that can affect the speed of the log search. The biggest one is how many logs you are attempting to search through, along with how complex your query is. I’ve noticed using regex shortcuts in place of multiple OR LEQL operators will slow down the query as well, along with using CIDR notations, etc. The keyword highlighting adds to the latency as well.

As an example, searching back 30 days of AD Admin Activity logs will yield results much faster than, say, 7 days of Firewall Activity logs, just based on the sheer volume of FW logs. When I have to do long historical searches, I will look to see what log sets I’m searching, and based on the volume I will break it up and do multiple searches against multiple Time Picker choices.