IBM Support

QRadar: Why does the qradar.error log file span only a short period of time?

How To


Summary

If the qradar.error log file covers a life span of less than 24 hours, it is a strong indication that one of the QRadar components is generating an enormous number of errors. The volume fills the file so quickly that logrotate rotates it away before a longer period can be collected, so the system logs for that period are lost. The condition is extremely severe when the qradar.error time span covers only a few minutes. Many QRadar administrators are not aware that such a persistent issue is running on their system alongside the problems they are currently investigating.

Objective

To validate the length of the qradar.error time span.

Steps

  1. SSH onto the QRadar Console as the root user.
  2. From the command line on the QRadar Console, SSH to the managed host where you want to compute the qradar.error log file time span.
  3. Calculate the qradar.error time span by running the following command. The command reads the timestamp (month, day and time) from the first and last lines of the file, so both lines must be timestamped entries. Because the log does not record the year, an end timestamp that falls earlier in the calendar than the start timestamp is taken to mean that the file crosses 1 January, and the span is corrected with an average-year constant; such a span is therefore approximate to within a few hours, which does not affect the 24-hour check.
    QE=/var/log/qradar.error;startDate=$(head -n 1 $QE | awk '{print $1,$2,$3}');epochStart=$(date -d "${startDate}" +"%s");endDate=$(tail -n 1 $QE | awk '{print $1,$2,$3}');epochEnd=$(date -d "${endDate}" +"%s");timeRange=$(echo $startDate '-' $endDate);time_diff=$((epochEnd-epochStart));one_day=86400;year=31556926;if [[ $time_diff -lt 0 ]];then time_diff=${time_diff#-};time_diff=$((year-time_diff));fi
  4. Run the following command to print the result.
    clear;printf "\n";printf "%-40s | %-60s |\n" '     qradar.error time span:' $(date --date="${startDate}" +%B-%d--%H:%M:%S)\ ' : '\ $(date --date="${endDate}" +%B-%d--%H:%M:%S);printf "%-40s | %-60s |\n" ' ' $(($time_diff / 86400 ))\ days\ $((($time_diff % 86400)/3600))\ hours\ $((($time_diff % 3600) / 60))\ minutes\ $(($time_diff % 60))\ seconds;printf "\n\n\n"
  5. The result is presented as follows:

         qradar.error time span:             | November-04--20:01:48  :  February-23--07:00:16                    |
                                             | 110 days 17 hours 47 minutes 14 seconds                            |

Results

If the time span is less than 24 hours, investigate the contents of the qradar.error log file to determine which component is generating the highest number of errors.
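The following script is added here as an example and is not part of the IBM procedure above. It computes the same time span from the timestamped lines of the file and then tallies error lines per component, which is the follow-up the Results section asks for. It assumes that every timestamped qradar.error line starts with "Mon DD HH:MM:SS" and that the first bracketed token on the line names the component that wrote it; the sample log lines are constructed for the demonstration, and timestamps are evaluated in UTC. Unlike the one-liner in step 3, it skips lines without a timestamp (such as stack-trace continuation lines) and, when the span crosses 1 January, re-evaluates the start timestamp in the previous year instead of applying a 31556926-second average-year constant. For the two timestamps in the sample output above it therefore reports 110 days 10 hours 58 minutes 28 seconds, several hours less than the figure shown.

```bash
#!/bin/bash
# Added example (not IBM's procedure): exact qradar.error time span plus a
# per-component tally of error lines. Assumes timestamped lines start with
# "Mon DD HH:MM:SS" and that the first [bracketed] token names the component.

# Constructed sample lines standing in for /var/log/qradar.error. The
# indented line imitates a stack-trace continuation line without a timestamp.
SAMPLE_LOG=$(cat <<'EOF'
Nov 04 20:01:48 ::ffff:127.0.0.1 [hostcontext.hostcontext] [Thread-7] com.example.Poller: [ERROR] constructed error 1
Nov 04 20:01:49 ::ffff:127.0.0.1 [ecs-ec-ingress.ecs-ec-ingress] [Thread-3] com.example.Parser: [ERROR] constructed error 2
    at com.example.Parser.parse(Parser.java:42)
Feb 23 07:00:15 ::ffff:127.0.0.1 [ecs-ec-ingress.ecs-ec-ingress] [Thread-3] com.example.Parser: [ERROR] constructed error 3
Feb 23 07:00:16 ::ffff:127.0.0.1 [ecs-ec-ingress.ecs-ec-ingress] [Thread-3] com.example.Parser: [ERROR] constructed error 4
EOF
)

# Extended regex for a syslog-style timestamp at the start of a line.
TS_RE='^[A-Z][a-z]{2} [0-9 ][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2} '

# ts_epoch MON DAY TIME YEAR: epoch seconds for a syslog timestamp. The year is
# supplied by the caller because the log does not record it; UTC keeps the
# arithmetic independent of the host time zone and of DST changes.
ts_epoch() {
  TZ=UTC date -d "$1 $2 $4 $3" +%s
}

# log_span_seconds [YEAR]: span in seconds between the first and last
# timestamped lines read from stdin (YEAR defaults to the current year).
# Untimestamped lines are skipped. If the last timestamp is earlier in the
# calendar than the first, the first entry is assumed to have been written
# in the previous year.
log_span_seconds() {
  local year content first last start end
  year=${1:-$(date +%Y)}
  content=$(cat)
  first=$(printf '%s\n' "$content" | grep -E -m1 "$TS_RE") || return 1
  last=$(printf '%s\n' "$content" | grep -E "$TS_RE" | tail -n 1)
  set -- $last
  end=$(ts_epoch "$1" "$2" "$3" "$year")
  set -- $first
  start=$(ts_epoch "$1" "$2" "$3" "$year")
  if [ "$end" -lt "$start" ]; then
    start=$(ts_epoch "$1" "$2" "$3" "$((year - 1))")
  fi
  echo $((end - start))
}

# format_span SECONDS: "D days H hours M minutes S seconds".
format_span() {
  printf '%d days %d hours %d minutes %d seconds\n' \
    $(($1 / 86400)) $(($1 % 86400 / 3600)) $(($1 % 3600 / 60)) $(($1 % 60))
}

# top_components: error lines per component read from stdin, busiest first.
# The component is the first bracketed token on each timestamped line.
top_components() {
  grep -E "$TS_RE" | sed -n 's/^[^[]*\[\([^]]*\)].*/\1/p' | sort | uniq -c | sort -rn
}

# Demonstration on the constructed sample. On a Console or managed host you
# would feed the real file instead:  log_span_seconds < /var/log/qradar.error
span=$(printf '%s\n' "$SAMPLE_LOG" | log_span_seconds)
echo "qradar.error time span: $(format_span "$span")"
echo "error lines per component:"
printf '%s\n' "$SAMPLE_LOG" | top_components
```

The component tally is the quickest way to act on a short span: the process at the top of the list is the one to investigate, and re-running the tally after a fix confirms that the error rate has dropped.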

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.3.0;7.4.0;7.5.0"}]

Document Information

Modified date:
03 April 2023

UID

ibm16955011