Troubleshooting
Problem
Apps and memory resource limitation in Qradar 7.5.0+
Symptom
This article discusses app issues due to memory limitations and solutions to address these limits.
Common symptoms that point to an app memory issue:
- An application cannot be installed.
- The application tab displays "404 page not found".
- The contents of the tab for the application is blank in the user interface.
- The tab for the application s missing from the Console user interface.
Cause
Apps and Resource Limitation
When an app gets installed in QRadar, a dedicated docker container gets created for this app. You can think of a docker container as a small sandboxed VM that runs within QRadar. To plan ahead and ensure that QRadar has the sufficient resources needed for these apps, it is important to understand how these resources are calculated and the possible limitations we can run into.
Limitations
| Location where the apps are installed | Memory Threshold % |
|---|---|
| Console | 10% |
| App Host | 80% |
Example: You have a console that has 100 GB of memory, apps can use up to 10 GB of the 100 GB of memory.
When installing apps on the Console (not the App Host), it is important to keep in mind that the apps are limited to using only 10% of the available physical memory. If you attempt to install applications after you have reached the 10% threshold, the installation is likely to fail.
Environment
For Qradar versions 7.5.0+, apps are capable of using up to 80% of the available memory. Since App Hosts are part of the QRadar deployment as a managed host, the remaining 20% of memory is reserved for replication and QRadar processes.
When you download any app through the App Exchange, the required memory the app needs should be listed, to help ensure that sufficient resources are available.
Figure 1: Memory requirements for each application are listed on the IBM X-Force App Exchange.
Diagnosing The Problem
How do I check how much memory is currently being used by apps?
The process for users to check the memory allocations for an application depends on your QRadar version.
Managing individual App Memory
Another method of managing app memory is to modify the memory allowance for each app individually. This change can be done by using the qappmanager utility tool ran on the console.
- Run the qappmanager tool on the console.
# /opt/qradar/support/qappmanager - Select Option 28 to manage app memory usage.
28) App instance - change memory allocation - Enter a full Admin Authorized Service ID to ensure that you have the correct permissions to execute the modification.
- Enter the ID of the Application that you want to modify the memory of, followed by entering the new memory value for the application.
- After you have entered the new memory value for the chosen app, press enter to make the change. The change is applied to the app, and the total app memory available value is updated to represent the change made.
How is memory assigned to apps?
Resolving The Problem
There are several options to address a memory limitation when dealing with apps:
- Increase system memory: System RAM can be increased to meet the app requirements.
- Uninstall or stop some low-priority apps via API to reduce the memory usage.
- Add an App Host appliance to your deployment to free up resources for applications.
Related Information
Related Information
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
03 November 2023
UID
ibm10885336