Configuration
Configuration parameters control how the Milestone Generation Engine operates, balancing performance, resource usage, and completeness of results.
All configuration parameters are set in the nva.conf configuration file. Before you adjust any parameters, establish baseline metrics and monitor system performance to understand the impact of your changes.
Performance monitoring
Monitor these key metrics before and after you make configuration changes:
- Ariel search response times
- Timeline generation success and failure rates
- System CPU and memory usage
- Other QRadar operations performance metrics
Configuration changes can significantly impact Ariel search response times and overall system load. Track system resources that include CPU usage, memory consumption, and use of database connection pool during timeline generation. Make incremental changes and measure impact by comparing performance metrics against the baseline after each configuration change.
Configuration parameters
You can view and set configuration parameters from the navigation menu by clicking , then clicking Advanced.
- Processing timeout
-
Maximum time allowed for milestone generation before you stop.
- Default: 5 minutes
- Range: 5 - 60 minutes
Increase the timeout if offenses frequently timeout or for environments with large offenses (millions of events). Decrease the timeout if system resources are constrained.
Higher timeout values allow complete processing of large offenses, but processing might take longer based on the size of events and flows in the offense. Shorter timeout values prevent resource exhaustion. Disabled timeout might cause system performance issues.
- Maximum concurrent tasks
-
Number of timeline generations that can run simultaneously.
- Default: 5
- Range: 1 - 10
Decrease this value if system performance degrades during multiple generations or database connections are exhausted. Increase this value if the system has abundant resources and many users, or for dedicated QRadar deployments.
Higher values allow more users to generate timelines simultaneously. Shorter values reduce system load but might cause wait times. Setting this value too high can overwhelm the database and CPU.
- Records per Ariel batch
-
Number of records fetched per Ariel query during milestone generation.
- Default: 20,000
- Range: 10,000 - 500,000
Increase this value for high-volume environments with abundant memory. Decrease this value for resource-constrained systems or if you experience memory issues during generation.
Larger batches reduce API calls but increase memory usage. Smaller batches provide more frequent progress updates and affect overall generation speed.
- Ariel query timeouts
-
Controls timeout behavior for Ariel queries during milestone generation.
- Minimum timeout for Ariel queries: 10,000 ms (default)
- Maximum timeout for Ariel queries: 30,000 ms (default)
Increase these values if Ariel queries frequently timeout. Decrease these values to fail faster on problematic queries.
These parameters control how long the system waits for Ariel query responses and affect overall generation time for large offenses.