cancel
Showing results for 
Search instead for 
Did you mean: 
rakusust
Level 7

How to find receiver raw events per seconds (eps)?

Hello,

How can I find the events per seconds for raw logs receiving at ERC?
The EPS we get in ESM UI is aggregated, isn't?

DSSUMMARY provides me some details but I need to get more detail EPS for raw logs  collected at any Receiver.

Please assist.

Thank you.
Regards,
Suranjit

0 Kudos
11 Replies
xded
Level 12

Re: How to find receiver raw events per seconds (eps)?

hi rakusust,

rakusust wrote:

Hello,

How can I find the events per seconds for raw logs receiving at ERC?
The EPS we get in ESM UI is aggregated, isn't?

DSSUMMARY provides me some details but I need to get more detail EPS for raw logs  collected at any Receiver.

Please assist.

Thank you.
Regards,
Suranjit

1. Good Question =) i searched a bit but no statistik over the raw-log collection

1.1 DSSummary your right this is aggregated

1.2 Device Status from the UI Dashboard is also aggregated

1.3 Receiver properties -> Receiver management -> View Statistics  is the same like the UI Dashboard.

So i found only the aggregated EPS. Sorry. ^^

sssyyy
Level 12

Re: How to find receiver raw events per seconds (eps)?

I thought dssummary is the rate hitting the receiver interface, so it's raw. GUI is aggregated.

0 Kudos
Reiner
Level 10

Re: How to find receiver raw events per seconds (eps)?

One of the default views may help here. Select  McAfee Event Reporter - McAfee General Views - McAfee Collection Rate - Events per second.

0 Kudos
rakusust
Level 7

Re: How to find receiver raw events per seconds (eps)?

Isn't it aggregated EPS?

0 Kudos
sssyyy
Level 12

Re: How to find receiver raw events per seconds (eps)?

Yeah, I was told by McAfee that this is aggregated EPS rate.

0 Kudos
Reiner
Level 10

Re: How to find receiver raw events per seconds (eps)?

Collection Rate per second should show un-aggregated. The device log should show you aggregated numbers though (" Events retrieved from device - xxx events").

0 Kudos
rakusust
Level 7

Re: How to find receiver raw events per seconds (eps)?

Thank you but it seems to be aggregated as well.

In my test for one receiver for one single day, I got Total Event from Event Summary and divided by 86400 gives me the same value as 'Total Collection Rate Per Second'.

Any other ideas?


Regards.

0 Kudos
Reiner
Level 10

Re: How to find receiver raw events per seconds (eps)?

I just fired 50 EPS for the last hour and this is what it showscollection rate per second.PNG

0 Kudos
rakusust
Level 7

Re: How to find receiver raw events per seconds (eps)?

Thank you Reiner.
However, when you look into event analysis/details, are they aggregated?
If not then in your test # of raw events will be equal to # of aggregated events (none).

0 Kudos