How can I find the events per seconds for raw logs receiving at ERC?
The EPS we get in ESM UI is aggregated, isn't?
DSSUMMARY provides me some details but I need to get more detail EPS for raw logs collected at any Receiver.
1. Good Question =) i searched a bit but no statistik over the raw-log collection
1.1 DSSummary your right this is aggregated
1.2 Device Status from the UI Dashboard is also aggregated
1.3 Receiver properties -> Receiver management -> View Statistics is the same like the UI Dashboard.
So i found only the aggregated EPS. Sorry. ^^
I thought dssummary is the rate hitting the receiver interface, so it's raw. GUI is aggregated.
One of the default views may help here. Select McAfee Event Reporter - McAfee General Views - McAfee Collection Rate - Events per second.
Isn't it aggregated EPS?
Yeah, I was told by McAfee that this is aggregated EPS rate.
Collection Rate per second should show un-aggregated. The device log should show you aggregated numbers though (" Events retrieved from device - xxx events").
Thank you but it seems to be aggregated as well.
In my test for one receiver for one single day, I got Total Event from Event Summary and divided by 86400 gives me the same value as 'Total Collection Rate Per Second'.
Any other ideas?
Thank you Reiner.
However, when you look into event analysis/details, are they aggregated?
If not then in your test # of raw events will be equal to # of aggregated events (none).