On Tue, 16 Jul 2019 15:54:10 -0600, Ken Gilmour said:
> We have a different use case to traditional analytics - We're aimed at
> consumers and small businesses, so instead of a SOC with one big screen
> refreshing 10000 rows of only alert data every 30 seconds, we have
> thousands of individuals refreshing all of their data every 30 seconds
> because there are comparatively less alerts for individuals than
> enterprises.

Plenty of room for lots of optimizations there, especially in conjunction with some client-side caching. If they're generating enough *new* events every 30 seconds to cause any significant load, they're either in the middle of a major event (something that shouldn't happen too often) or they have the logging set to be so verbose that they're likely to miss actual important messages.