I have a few questions about the recently posted notice: http://www-01.ibm.com/support/docview.wss?uid=swg21666016
Isn't the intended function of send-identity="OverrideAndAlwaysSend" to update asset profiles? How can I tell if the volume of updates is too much?
How long is too long for loading the asset tab? (I wouldn't describe it as fast.) How can you tell how many updates to an asset there have been?
I don't see any warnings for "TX Sentry" in /var/log/qradar.log . About every 30 seconds "Processing TX" and "Saving TX" show about 0.3MB. What is an acceptable volume?