This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Datalake Performance Issues

Hi,

Does anyone else have issues with Datalake queries just timing out? It's been pretty unusable for us every since we turned on the function. We have around 15,000 endpoints on our Central environment so I wonder if it's just down to the sheer volume of data it needs to query? We also use MS MDE for threat hunting, this returns results in seconds.

Live endpoint queries are fine, they work pretty much 100% of the time, Datalake just seems to struggle with any queries we run (Built-in quieres or our own)

Many Thanks

Tom

This thread was automatically locked due to age.

0 Qoosh over 2 years ago

Hello Tom,

Thank you for reaching out to the Sophos Community Forum.

Could you verify if the "Data Lake uploads" option has been turned on from the Global Settings menu?

Once the uploads are enabled, it will take some time for the information to be gathered from your endpoints and server to be uploaded to the Data Lake. If you are continuing to face issues after having done this, please let me know.

If there are any specific queries you are encountering errors with, let me know which in-built ones these are and I can try testing on my side to provide further feedback.

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel