QRadar: SAR Sentinel Threshold Values

Question & Answer

Question

Can the default SAR Sentinel Threshold values be changed based on the hardware?

Answer

QRadar uses the System Activity Reporting (SAR) Linux tool for comparing the system load against the values that are specified under the Admin Tab > Global System Notifications. These values are based on percentages. Hence for any software installation of QRadar, irrespective of the hardware configuration, the default values would be fine. You do not need to change the values unless advised by any support engineer.

For more information, refer to our Knowledge Center Article on SAR Warnings.
SAR sentinel threshold crossed

Related Information

QRadar Knowledge Center: System Notifications

[{"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3;7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

QRadar;SIEM

Was this topic helpful?

Document Information

Modified date:
21 December 2022

UID

swg21903322

Tips