NetWitness 11.x, 12.x: Max size of App Rule

Issue

There appears to be an unpublished size limitation imposed on an app rule.

Resolution

Although unpublished, the maximum size of an app rule is hardcoded at 8k. Relatedly, any rule at or approaching that size can have large performance implications. Best practice is to design rules to be as small as possible so that they do not impact performance.
Below is a sample from /etc/netwitness/ng/NwLogdecoder.cfg showing the maximum-length configuration for the rule "test rule":
[Image: image.png]


Product Details

NetWitness Product Set: NetWitness Logs & Network
NetWitness Product/Service Type: Log Decoder, Packet Decoder
NetWitness Version/Condition: 11.x, 12.x
Platform: CentOS, AlmaLinux

 

