Skip to main content
Panther Knowledge Base

How do I debug a slow performance in the cache or panther-kv-store?

  1. Last updated
  2. Save as PDF

QUESTION

How do I debug a slow performance in the cache or panther-kv-store? I have a detection that counts events using this cache, and only sends an alert when a certain number of events has matched this detection.

ANSWER

In general, we recommend using deduplication with a threshold to count matching events before alerting on a certain number of matches. Panther's deduplication system tends to perform much more quickly for this purpose than the cache.

Caching delays have been correlated with detections enabled on high-volume log sources. If you're experiencing slow caching performance, please contact Panther support.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.