ACC Tab Slow Generating Longer Duration Reports Such As 7 Days

Created On 01/25/21 18:34 PM - Last Modified 11/05/21 02:07 AM


Symptom


  • The ACC tab takes 10 minutes or longer to populate all the data panes when the report duration is a longer period such as "Last 7 Days" or "Last 30 Days"
  • The ACC tab for 1 day or 1 hour is very quick, such as less than 1 minute


Environment


Typically this issue will be observed in firewall models with smaller sized hard drives, such as:
  • PA-820
  • PA-850
  • PA-220
  • Any PAN-OS


Cause


  • ACC Reports are populated from the summary log databases.
  • The issue could be that the firewall does not store enough historical summary logs to populate the ACC report for the number of days chosen.
  • For longer-duration ACC reports such as "Last 7 Days" or "Last 7 Calendar Days", the firewall first queries the longer-timeframe summary databases for the data. If the data is not complete for the selected time period, the smaller-interval summary databases are then queried to fill in the gaps.
  • The queries generated on the smaller timeframe databases to populate the larger timeframe ACC reports can extend the time required to generate the reports significantly.
 
  • For example, consider the following "show system logdb-quota" output and the number of days of retention for the traffic summary logs:
traffic: Logs and Indexes: 49G Current Retention: 14 days
threat: Logs and Indexes: 717M Current Retention: 65 days
system: Logs and Indexes: 1.6G Current Retention: 162 days
config: Logs and Indexes: 111M Current Retention: 84 days
alarm: Logs and Indexes: 40K Current Retention: 0 days
trsum: Logs and Indexes: 12G Current Retention: 22 days       <---- 15 minute traffic summary logs
hourlytrsum: Logs and Indexes: 4.9G Current Retention: 2 days <---- hourly traffic summary logs
dailytrsum: Logs and Indexes: 1.5G Current Retention: 5 days  <---- Daily traffic summary logs
weeklytrsum: Logs and Indexes: 1.5G Current Retention: 33 days
thsum: Logs and Indexes: 368M Current Retention: 65 days
hourlythsum: Logs and Indexes: 604M Current Retention: 65 days
dailythsum: Logs and Indexes: 153M Current Retention: 65 days
weeklythsum: Logs and Indexes: 102M Current Retention: 61 days
appstatdb: Logs and Indexes: 203M Current Retention: 84 days
userid: Logs and Indexes: 7.8M Current Retention: 76 days
iptag: Logs and Indexes: 36K Current Retention: 0 days
urlsum: Logs and Indexes: 5.0M Current Retention: 62 days
hourlyurlsum: Logs and Indexes: 1.2M Current Retention: 62 days
dailyurlsum: Logs and Indexes: 1.2M Current Retention: 62 days
weeklyurlsum: Logs and Indexes: 344K Current Retention: 61 days
gtp: Logs and Indexes: 36K Current Retention: 0 days
gtpsum: Logs and Indexes: 732K Current Retention: 0 days
auth: Logs and Indexes: 36K Current Retention: 0 days
sctp: Logs and Indexes: 36K Current Retention: 0 days
hourlysctpsum: Logs and Indexes: 8.0K Current Retention: 0 days
dailysctpsum: Logs and Indexes: 8.0K Current Retention: 0 days
weeklysctpsum: Logs and Indexes: 8.0K Current Retention: 0 days
decryption: Logs and Indexes: 324M Current Retention: 76 days
desum: Logs and Indexes: 320M Current Retention: 76 days
hourlydesum: Logs and Indexes: 8.0K Current Retention: 0 days
dailydesum: Logs and Indexes: 8.0K Current Retention: 0 days
weeklydesum: Logs and Indexes: 8.0K Current Retention: 0 days
globalprotect: Logs and Indexes: 238M Current Retention: 76 days
  • Using the example output above, if one wishes to generate an ACC traffic report for the "Last 7 days", the firewall will initially query the daily traffic summary or "dailytrsum" database, which only has 5 days of log retention stored.
  • To populate information for the remaining two days, the firewall will query data from the smaller timeframe interval "hourlytrsum" or hourly traffic summary database.
  • Since only 2 days of hourly traffic summary data is available, the firewall will then need to query the 15-minute traffic summary database or "trsum".
  • This causes a delay in generating the ACC Report.


Resolution


  1. To speed up the ACC tab report generation, ensure there are more days of daily summary logs retained than the time period used for querying the ACC tab.
  2. It may be necessary to increase the storage allocations in GUI: Device > Setup > Management > Logging and Reporting Settings in order to retain more history. 

Note: Increasing log storage in some databases will mean reducing the retention in other databases.
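
The check described above can be scripted. The following is an added example, not part of the original article or any Palo Alto Networks tooling: it parses "show system logdb-quota" lines and models the daily, hourly, 15-minute fallback as the Cause section describes it. The function names and the `base` parameter are hypothetical, and the fallback model is an assumption drawn from that description rather than from PAN-OS internals.

```python
import re

# Constructed sample: traffic-summary lines copied from the output quoted above.
SAMPLE = """\
trsum: Logs and Indexes: 12G Current Retention: 22 days       <---- 15 minute traffic summary logs
hourlytrsum: Logs and Indexes: 4.9G Current Retention: 2 days
dailytrsum: Logs and Indexes: 1.5G Current Retention: 5 days
weeklytrsum: Logs and Indexes: 1.5G Current Retention: 33 days
"""

LINE_RE = re.compile(
    r"^\s*(\w+):\s+Logs and Indexes:\s+\S+\s+Current Retention:\s+(\d+)\s+days"
)

def parse_retention(text):
    """Map each database name to its 'Current Retention' in days."""
    retention = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)  # trailing annotations are ignored
        if match:
            retention[match.group(1)] = int(match.group(2))
    return retention

def acc_query_plan(retention, window_days, base="trsum"):
    """Model the fallback described above: daily, then hourly, then 15-minute.

    Returns (databases queried in order, days of the window left uncovered).
    This is a model of the article's description, not PAN-OS internals.
    """
    queried, best = [], 0
    for db in ("daily" + base, "hourly" + base, base):
        queried.append(db)
        best = max(best, retention.get(db, 0))
        if best >= window_days:
            break
    return queried, max(0, window_days - best)

if __name__ == "__main__":
    retention = parse_retention(SAMPLE)
    for window in (1, 7, 30):
        queried, missing = acc_query_plan(retention, window)
        state = "fast" if len(queried) == 1 else "slow (falls back)"
        print(f"Last {window} days: {' -> '.join(queried)}; "
              f"{missing} day(s) uncovered; {state}")
```

Replace SAMPLE with the full command output from the firewall. A window is served from the daily summary database alone only when its retention is at least the window length, which is the condition in Resolution step 1.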

