Best query to run a report on a Destination IP address lookback for 90 days? Memory Issues and Requirements.
I'm trying to figure out what the fastest way to run a report that does a 90 day lookback on and IP address. This could be source or destination. The lookback needs to go across most connectors. We receive approx 130 million events per day. We are running 6c with latest patch. The query right now takes between 35 - 45 minutes. I'm trying to determine what is a normal report time for this. Any ideas, thoughts or help would be greatly appreciated.
On a side note my ESM box is only using 16GB of ram out of 128GB of ram. I would really like to know if there is a reason it is not using all of the memory. How much affect does RAM usage have on query and report running times?