Re: Colo in Africa

[Ken Gilmour <ken.gilmour () gmail com>]

We have a different use case to traditional analytics - We're aimed at
consumers and small businesses, so instead of a SOC with one big screen
refreshing 10000 rows of only alert data every 30 seconds, we have
thousands of individuals refreshing all of their data every 30 seconds
because there are comparatively less alerts for individuals than
enterprises.

What you "should" do often doesn't translate to what you "do" do.

On Tue, 16 Jul 2019 at 11:23, Valdis Klētnieks <valdis.kletnieks () vt edu>
wrote:

> On Tue, 16 Jul 2019 10:39:59 -0600, Ken Gilmour said:
>
> > These are actual real problems we face. thousands of customers load and
> > reload TBs of data every few seconds on their dashboards.
>
> If they're reloading TBs of data every few seconds, you really should have
> been
> doing summaries during data ingestion and only reloading the summaries.
> (Overlooking the fact that for dashboards, refreshing every few seconds is
> usually pointless because you end up looking at short-term statistical
> spikes
> rather than anything that you can react to at human speeds.  If you *care*
> in
> real time that the number of probes on a port spiked to 457% of average
> for 2
> seconds you need to be doing automated responses....
>
> Custom queries are more painful - but those don't happen "every few
> seconds".