I'm trying to find out if there is anything else I need to do to allow me to view and close out more than 10,000 events at a time. I understand it's best to slice and dice it up so that there are less than 10,000 - however, in my case, there is no way to do so unless there is a way to get down to filtering by the minute. It's all one user - hitting one IP/Domain - and there's usually around 21,000/day.
I did find this:
https://www-secure.symantec.com/connect/forums/res...
And I was able to modify the config as mentioned on the enforcer:
"In the Manager.properties file (in /opt/Vontu/Protect/config), change the setting:
com.vontu.manager.maxshowallincidents=10000
Comments in that section indicate that memory errors might occur if this number is set too high.
If exporting a report with more than 10000 incidents via email, this setting may need to be changed in the same file:
com.vontu.manager.maxautodistributionincidents=10000"
I have recycled the enforcer's services and still, I get the error of 10,000 limit.
Am I missing something else that needs to be done? I just need to purge some of these out!