This topic describes the features available in the Security Analytics Services Stats view.
The Services Stats view provides a way to monitor the status and operations of a service. This view displays key statistics, service system information, and host system information for a service. In addition, more than 80 statistics are available for viewing as gauges and in timeline charts. In historical timeline charts, only statistics for session size, sessions, and packets are viewable.
To access the Services Stats view:
- In the Security Analytics menu, select Administration > Services.
The Services view is displayed.
- Select a service and select > View > Stats.
The following example shows the Services Stats view for a Decoder.
Although different statistics are available for different types of services, certain elements are common to the Services Stats view for any Core service:
- Summary Stats section
- Gauges section
- Timelines section
- Historical Timelines section
- Chart Stats Tray
Summary Stats Section
The Summary Stats section is at the top of the default view, and has no editable fields.
There are five panels in the Summary Stats section. All panels except Key Stats are the same for all types of services.
The Key Stats panel displays different statistics for different types of services:
- For a Decoder or Log Decoder, key statistics include capture statistics, such as capture rate, total packets or logs captured, total packets or logs dropped, and the data capture begin time and end time.
- A Broker or Concentrator aggregates data from multiple services. Therefore, the key statistics for all aggregate services are presented in a grid. The columns in the grid provide the service name, the capture rate, the maximum capture rate, the number of sessions behind (that need to be aggregated), and the service status.
Services System Info
The Services System Info panel includes the percentage of CPU used by the service, the memory usage statistics (system, total, process, and maximum process), service uptime, status, running since time, and the current time.
The Host System Info panel includes the percentage of CPU used by the host, the memory usage statistics (system, total, process, and maximum), host uptime, status, running since time, and the current time.
Logical Drives and Physical Drives are shown with an icon for the drive name and state. Drive types used in the names and the drive status options are listed below.
Drive Types and Status
| Drive Type | Description | Comment | Status Options |
|---|---|---|---|
| sd | SCSI block device | Directly connected SAS, SATA MegaRAID volumes | OK (green) |
| ld | MegaRAID Logical Volume | Defined in BIOS or with MegaCLI tool | OK (green) |
| pd | MegaRAID Physical Disks | Not directly exposed to Linux | OK (green) |
| md | Linux software RAID Volume | | OK (green) |
The Gauges section in the Services Stats view presents statistics in the form of analog gauges. See Gauges for details on configuring gauges.
Timeline charts display the selected statistics in a running timeline with focus on the current time. This is the same for all types of services, and only the display name of the timeline is editable. See Timeline Charts for details on configuring timelines.
Historical timeline charts display statistics for session size, sessions, and packets in a historical timeline. This is the same for all types of services, and has an editable display name, begin date, and end date. See Timeline Charts for details on configuring timelines.
Note: Historical Timeline charts are being deprecated for Log Collector, Virtual Log Collector (VLC), and Windows Legacy Collector services.
Chart Stats Tray
The Chart Stats Tray lists all available statistics for the selected service type. Different services have different statistics to monitor. See Chart Stats Tray for a detailed description.