09-23-2014 07:09 AM
I ran 2 Panorama reports, using the detailed and summary databases, on application usage over the last 24 hours (simple reports, just top Applications ranked by bytes, no filters).
The results were completely different, e.g. the figures for web-browsing:
Summary: 720G
Detailed: 3.3T
The detailed figure looks correct, why is the summary figure so out of line?
Obviously we have quite a lot of traffic and logs, and running reports using the detailed database takes forever. I'd prefer to use the summary database, but the figures are completely wrong.
09-23-2014 07:16 AM
Hi NOC,
Summary and Detailed logs are totally different parameters.
The entries under the detailed traffic logs are purged at a faster rate than the summary traffic logs. The hourly, daily, and weekly summaries are roll ups of 15 minute summaries on an hourly basis and a roll up of the hourly summaries on a daily basis as well as a roll up of the daily summaries on a weekly basis. So as we continue to roll up data the results can become summarized even further. This can lead to greater discrepancies between summarized databases and non-summarized databases.
You can also refer to the following threads for more details.
Custom reports for Summary vs Detailed logs database
Let me know if this helps.
Regards,
Hardik Shah
09-23-2014 07:52 AM
Assuming the detailed logs haven't been purged I would expect the figure for total bytes to be approximately the same in both databases (for the same query) - we have 8T of log storage with 60% allocated to the detailed logs so this shouldn't be an issue on a query only looking at the last 24 hours.
i.e. if there is a steady 1G of web-browsing in a 15 minute period, this should get rolled up to be 4G for the 1 hour summary, 96G for the daily summary etc - or am I misunderstanding how the summary works?
Even if some of the detailed logs had been purged I would then expect the figure for total bytes to be higher from the Summary database, not lower as we are seeing.
09-23-2014 09:54 AM
Hi NOC,
Can you provide us with the disk utilization differences on your firewall for sumVsDetailed? That will be more clear.
Regards,
Hardik Shah
09-24-2014 06:12 AM
Hi NOC,
Thanks a lot for the response, this explains the allocation.
I would like to see data for comparison: "Even if some of the detailed logs had been purged I would then expect the figure for total bytes to be higher from the Summary database, not lower as we are seeing."
Regards,
Hardik Shah
09-24-2014 09:12 AM
Which data would you like to see?