IBM Support

QRadar: Using ThreadTop to detemine QRadar process load

Troubleshooting


Problem

How to determine what QRadar processes are using the most resources.

Symptom

The system is running a little slower than usual, and you need to determine which process is taking up the most resources.

Resolving The Problem

If you need to determine which QRadar process is consuming the most resources, there is a Top like tool that specifically works with QRadar processes called theadTop. This tool monitors QRadar processes, and can give an indication of performance issues.

To initiate threadTop

  1. SSH into the QRadar Console using SSH.
  2. Type the following command:

    /opt/qradar/support/threadTop.sh

    Example:



    Results
    Processes that are over 1500 milliseconds for more than a few intervals, may be an indicator of an issues.

     

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Component":"Operating System","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2;7.3","Edition":""}]

Document Information

Modified date:
25 July 2020

UID

swg21978401