Skip to main content
Panther Knowledge Base

Why do I see high latency on some of my log types in Panther?

  1. Last updated
  2. Save as PDF

QUESTION

Some of my log types may have high average Data Latency in Panther. Why is this happening?

ANSWER

This is the delay between when an event happened and when Panther processed it. It is calculated by taking the difference between p_parse_time (the time Panther parses the log) and p_event_time (the timestamp in the actual log file). It includes the latency introduced by the system sending the data to Panther. 

Common causes of latency include:

  • Batching. Some log sources hold on to events, then send multiple at specific intervals. Depending on the lengh of the interval, the latency can be quite large. For example, some Salesforce plans only allow exports of log events once per day, meaning that some events can have up to 24 hours of latency.
  • High Volume. If Panther experiences a high volume of log events from a particular source, it may take time to process all of them. Complications like processing power or API rate limits can restrict how fast we are able to ingest log events. In those cases, you may see logs with latencies of several hours, depending on the volume of data to be ingested.