IBM Support

QRadar: Using ThreadTop to determine QRadar process load

Troubleshooting


Problem

How to determine what QRadar processes are using the most resources.

Symptom

The system is running a little slower than usual, and you need to determine which process is taking up the most resources.

Resolving The Problem

If you need to determine which QRadar process is consuming the most resources, use threadTop, a top-like tool that works specifically with QRadar processes. This tool monitors QRadar processes and can give an indication of performance issues.

To initiate threadTop

  1. SSH into the QRadar Console as the root user.
  2. Type the following command:
    /opt/qradar/support/threadTop.sh
    Results
    Processes that are over 1700 milliseconds for more than a few intervals might be an indicator of an issue.
  3. If you need more specific results, watch the output for a single service by specifying the port it runs on.
  4. For example, if you are more interested in the ecs-ep service, use the following syntax:
    /opt/qradar/support/threadTop.sh -p 7799
    Where -p is the port on which a particular service is running.
  5. To retrieve the list of ports and services available on the appliance (which depends on the component in the deployment), use this command:
    grep JMXPORT /opt/qradar/systemd/env/*
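
Steps 3 to 5 can be combined into one lookup that turns a service name into the matching threadTop command. The script below is an added example, not part of the original technote or IBM tooling. It assumes each file under /opt/qradar/systemd/env is named after its service and contains a JMXPORT=<port> line; the function names, the demo-service entry and its port are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): map QRadar service names to JMX ports.
# Assumption: each env file is named after its service and contains a
# line of the form JMXPORT=<port>, optionally with "export" or quotes.

# list_jmx_ports [env_dir]: print "service port" pairs, one per line.
list_jmx_ports() {
    dir=${1:-/opt/qradar/systemd/env}
    # /dev/null makes grep prefix every match with its file name.
    grep JMXPORT "$dir"/* /dev/null 2>/dev/null | awk '{
        file = $0; sub(/:.*/, "", file); sub(/.*\//, "", file)
        line = $0; sub(/^[^:]*:/, "", line)
        if (line !~ /^[ \t]*(export[ \t]+)?JMXPORT=/) next  # skip comments
        sub(/^[^=]*="?/, "", line)
        if (match(line, /^[0-9]+/)) print file, substr(line, 1, RLENGTH)
    }'
}

# jmx_port_for <service> [env_dir]: print the port, or return 1 if unknown.
jmx_port_for() {
    port=$(list_jmx_ports "$2" | awk -v svc="$1" '$1 == svc { print $2; exit }')
    [ -n "$port" ] || return 1
    printf '%s\n' "$port"
}

# threadtop_cmd <service> [env_dir]: print the threadTop call for one service.
threadtop_cmd() {
    port=$(jmx_port_for "$1" "$2") || {
        echo "no JMXPORT found for service: $1" >&2
        return 1
    }
    printf '/opt/qradar/support/threadTop.sh -p %s\n' "$port"
}

# make_sample_env: build a constructed env directory for offline testing.
make_sample_env() {
    d=$(mktemp -d) || return 1
    printf 'JMXPORT=7799\n' > "$d/ecs-ep"                  # port from the technote
    printf 'export JMXPORT="9999"\n' > "$d/demo-service"   # constructed entry
    printf '# JMXPORT=1234 disabled\n' > "$d/commented-out" # constructed, skipped
    printf '%s\n' "$d"
}

# Demo against the constructed directory; on a Console, omit the second argument.
sample=$(make_sample_env)
list_jmx_ports "$sample"
threadtop_cmd ecs-ep "$sample"
rm -rf "$sample"
```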

     


Document Information

Modified date:
09 February 2023

UID

swg21978401