We've started getting comments regarding the slowness of our SIEM. It does seem to come around the same time, though Im not sure if its every day. Is there any way to monitor or troubleshoot responsiveness, other than looking at processes on the specific appliances.
Initially, I would start by logging in as NGCP and looking under ESM Properties | ESM Management | View Statistics.You can adjust the time frame how ever needed and look for any anomalies that correspond to your time frame.
If you are running 9.5.1 MR1 you may be having memory issues, especially if you have an older appliance. We experienced major memory usage issues upon upgrading to 9.5.1.MR1 which can only be mitigated by stopping and starting the dbserver service when the EPS is at peak.
Run the htop command from a Putty session on the ESM and look at your memory utilization.
There is an MR2 release that some are saying addresses the issue, however, we have not applied this yet.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.