How To
Summary
How to determine which process is causing a performance issue in QRadar with the top command.
Objective
To understand performance degradation, it is crucial to find out which component is affected by it. Usually, it is ecs-ec (the Collector) or ecs-ep (the Processor).
Steps
- To identify the process that uses the most CPU resources, run top:
top
- To see details of the process with the high CPU load, press ‘c’ while top is running.
Example after 'c' selected:
Note: Press ‘c’ again to go back to the default.
- Depending on what process is affected by the high CPU load the following can be of assistance:
Not enough system resources
Ecs-ep and ecs-ec pipeline high CPU
Additional Information
The Linux command called top shows OS processes and their load in the operating system.
By default, top does not show the full path to the program or make a distinction between kernel-space processes and user-space processes. In QRadar, many components are built in Java™, so this information is visible in the full command line that top shows after ‘c’ is pressed.
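The same check in non-interactive form, as an added example that is not part of the original IBM document: it parses the output of `top -b -n 1 -c` (batch mode with full command lines) and labels each row by component. It assumes top's default column layout and that the component name (ecs-ec, ecs-ep) appears in the Java command line; the sample rows and the `-Dapplication.name` argument are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM code. Reads `top -b -n 1 -c` output on stdin and
# prints "%CPU <TAB> PID <TAB> component <TAB> command", highest CPU first.
# Assumption: default top columns (%CPU is field 9, COMMAND starts at field 12).
rank_by_cpu() {
    awk '
    $1 == "PID" { body = 1; next }   # process rows start after the column header
    !body || NF < 12 { next }        # skip the summary area and malformed rows
    {
        cmd = $12
        for (i = 13; i <= NF; i++) cmd = cmd " " $i
        comp = "other"
        # Match the exact name so longer names sharing the prefix are not mislabelled.
        if (cmd ~ /ecs-ec([^-a-zA-Z0-9]|$)/)      comp = "ecs-ec"
        else if (cmd ~ /ecs-ep([^-a-zA-Z0-9]|$)/) comp = "ecs-ep"
        printf "%s\t%s\t%s\t%s\n", $9, $1, comp, cmd
    }' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr
}

# Component label of the single largest CPU consumer.
top_consumer() {
    rank_by_cpu | head -n 1 | cut -f3
}

# Constructed sample of batch-mode top output (not captured from a real host).
sample_top_output() {
    cat <<'EOF'
top - 10:15:01 up 12 days,  3:02,  1 user,  load average: 6.10, 5.80, 5.20
Tasks: 312 total,   2 running, 310 sleeping,   0 stopped,   0 zombie

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 1201 root      20   0  112900   4300   3300 S   0.3  0.0   0:02.11 /usr/sbin/sshd -D
 2417 root      20   0    6.2g   3.1g  20112 S  12.5  4.9 210:40.02 java -Dapplication.name=ecs-ec -Xmx4096m
 2533 root      20   0   12.1g   7.9g  21344 S 187.0 12.6 901:12.44 java -Dapplication.name=ecs-ep -Xmx8192m
 2610 root      20   0  162100   2400   1600 R   0.7  0.0   0:00.05 top -b -n 1 -c
EOF
}

# On a live host: top -b -n 1 -c -w 512 | rank_by_cpu | head -n 5
sample_top_output | rank_by_cpu
```

Without ‘c’ (or `-c` in batch mode) both Java rows would show only `java` in the COMMAND column, which is why the command line is needed to tell the components apart.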
Related Information
Document Location
Worldwide
Document Information
Modified date:
13 October 2022
UID
ibm16619369