EDR: How to find the sensors with large Event/Binary queue size
search cancel

EDR: How to find the sensors with large Event/Binary queue size

book

Article ID: 291563

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Provide information of how to find the sensors with large queue size

Environment

  • EDR: All supported versions
  • Linux: All supported versions

Resolution

  1. Logged into EDR console
  2. Go to Sensors page and select the group of sensor to check
  3. Click Export -> Export Visible (or Export All) to download the export CSV
  4. Open CSV and Sort by column "num_eventlog_bytes" for Event queue size check, and by column "num_storefiles_bytes" for Binary queue size check
Powered by Wolken Software