How To
Summary
QRadar generates events by using the Health Metric Log Source that provides insight into the System Health and Operation of the deployment. These events are internal and credited back to the licensed EPS threshold, however the volume of these events can still have an impact on Pipeline Performance. For that reason reducing the Polling Interval of these metrics might be necessary.
Objective
Environment
Steps
psql -U qradar -c "select id,metric_id,time_resolution_millis from metric_meta_data;"
Partial example output as follows:
psql -U qradar -c "select id,metric_id,time_resolution_millis from metric_meta_data;"
id | metric_id | time_resolution_millis
-----+------------------------------------------------+------------------------
135 | CollectionCount | 60000
136 | CollectionCountCopy | 60000
137 | CollectionTime | 5000
138 | CollectionTimeCopy | 5000
139 | LastCollectionStartTime | 5000
3. Back up the metric_meta_data table
pg_dump -U qradar -t metric_meta_data -f /tmp/metric_meta_data.sql
4. Using the example from step 2, if you notice that the current configuration contains values that are set to 5000 ms, they can be changed to 60000 ms, as follows:
psql -U qradar -c "update metric_meta_data set time_resolution_millis=60000 where time_resolution_millis=5000;"
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
20 December 2022
UID
ibm16848239