CB Response: How to calculate the sensor backlog totals cluster by node

search cancel

CB Response: How to calculate the sensor backlog totals cluster by node

book

Article ID: 288261

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to calculate the sensor backlog totals cluster by node when troubleshooting large aggregate sensor backlogs

Environment

CB Response Server: 6.0.1 and Higher

Resolution

On the master, run this psql query. Sum is in bytes.

# psql -d cb -p 5002
cb=# select node_id, sum(num_eventlog_bytes), avg(num_eventlog_bytes)  from sensor_registrations where next_checkin_time > current_timestamp - (interval'5 minutes') group by node_id;
 node_id |     sum      |          avg
---------+--------------+-----------------------
       6 |   4614820406 |   587201.985748823005
       4 | 156842909776 | 20005473.185714285714
       5 |   4606552191 |   583255.531906811851
       2 |   3884693723 |   497718.606406149904
       1 |   3917879845 |   504231.640283140283
       3 |   4815135219 |   617641.767444843509
(6 rows)

Feedback

thumb_up Yes

thumb_down No