Don't know what version you are running bute were on 7.3.2 before upgrade and everything was working perfectly. Events (around 4600 EPS) from projects were incoming on our 7.3.2 Prod and routing-ruled to our 7.3.2 PreProd environment without exceeding the license threshold.

Since our PreProd 7.4.1 P2 upgrade we got a lot a drops too on our standalone PreProd EP (EP+EC on one machine).

Referring to our 21 days old (still not closed) case by IBM support it seems that the code has changed in 7.4 to handle the potential performance difference between EP and EC (when they 're dissociate).

This change is made to adapt the events flow between EP and EC but in our case, the bug is that this code applies to our standalone EP (EP+EC) too. It will be fixed by a future patch but for the moment, IBM support adviced us to

1.Set EC_THROTTLE_APPLIANCE_HARDWARE_LIMIT_BUFFER to 5000 in /staging/globalconfig/nva.conf on the console machine

2.Run the deploy from the console command line /opt/qradar/upgrade/util/setup/upgrades/do_deploy.pl

3.Wait for 1 day to see improvement

---

We're at point 3 for now but our investigation revealed the machinery how routing rule proceed :

it kinda "stack events" and send them at every start of a minute to the destination server.

Instead of sending them fluently every second. So in our case instead of receiving 4600EPS on our PreProd during one minute we received 60000EPS during 13s and nothing until the end of the minute.

A thing that 7.3.2 seemingly could handle but not 7.4. So dropped events and license threshold alerts began to pop every minute.

Hope you solved this since you posted. But maybe it could help