Skip to content
  • There are no suggestions because the search field is empty.

Deployment Stats

Tags: Documentation

When an ESA deployment is deployed, you can view details about how the deployment is performing, such as statistics on the engine, rule, and alert. You can also view information on which rules are enabled or disabled and change their status.

This topic describes how to view an ESA Correlation service’s deployment statistics (stats). This procedure is useful when determining a rule's effectiveness or troubleshooting an ESA rule deployment.

Caution: When you modify and re-deploy an ESA rule deployment, all the stats are removed from that deployment. The generated alerts are not removed from NetWitness.

To view a Deployment Stats

  1. Go to Configure.png (CONFIGURE) > Policies > Content.

  1. Under Settings, click Event Stream Analysis > ESA Deployments.

The available deployments are displayed.

  1. Select a deployment you want to see the stats.

  2. Click on the Deployment Stats tab.

DeploymentStats_12.3.png

The deployment stats for the selected service are displayed.

DeploymentStats2_12.3.png

Review the following sections of selected Deployment Stats. For a complete description of each statistic in each section, see the Deployment Stats Information.

  • Engine Stats
  • Rule Stats
  • Alert Stats

The following figure shows the Deployment Stats panel.

DeploymentStats3_12.3_1435x284.png

  1. Review the list of details about the rules deployed on the ESA.

  • If the rule is enabled or disabled
  • Rule name
  • Rule type
  • Rule trial mode
  • Last detected
  • Events matched
  • Rule memory usage

  • Deployment CPU percentage used by the rule.

    For a complete description of each column in each section, see Deployment Stats Information.

Check Health and Wellness

To monitor your ESA Correlation service's overall memory usage and health, click Health & Wellness.

DeploymentStats4_12.3.png

To Enable or Disable Rules

  1. Select a rule from the Rule Stats panel grid.

  2. Click Enable to enable the rule or click Disable to disable the rule.

    DeploymentStats5_12.3.png

To Refresh the Statistics

The Services tab does not update statistics automatically unless you enable or disable a rule.

  1. Click the Refresh tab in the bottom right corner to refresh the information.

    The Services tab is refreshed to show the changes which take effect immediately.

  2. View the updated information.

    DeploymentStats6_12.3.png

Edit the Deployment

To edit the deployment, Click the Edit Deployment tab in the bottom right corner of the page.

DeploymentStats11_12.3.png

Last Refresh Time

This information indicates the last time when the deployment stats page was refreshed.

DeploymentStats12_12.3.png

The Rule Stats panel details:

The Rules Stats provides details on the rules that are deployed on the ESA service. The following figure shows the Rule Stats panel.

DeploymentStats7_12.3_1497x446.png

The table below lists the various parameters in the Rules Stats view and their description.

The Data Source Stats panel details:

DeploymentStats8_12.3_1701x497.png

                                                    Previous Page                                            Next Page