I have noticed that my data is indexing correctly but seems to be getting indexed more slowly than before. I have not upgraded and have used SoS to check the indexing performance.
It looks like the Parsing, Aggregation and Typing queues are all between 75% and 100% full.
The Indexing queue is not hitting the max and nearly empty.
Total CPU usage is showing regexreplacement is between 75% and 100%.
I have the Palo Alto Networks app installed and enabled with the bulk of my data coming from the Palo Alto Network product logs. Can the regexreplacement performance be improved?