View Stats for an ESA ServiceView Stats for an ESA Service
This topic describes how to view the deployment statistics (stats) for an ESA Correlation service. This procedure is useful when you are attempting to determine the effectiveness of a rule or troubleshoot an ESA rule deployment.
Caution: When you modify and re-deploy an ESA rule deployment, all of the stats are removed from that deployment. The generated alerts are not removed from NetWitness Respond.
View ESA StatsView ESA Stats
- Go to (Configure) > ESA Rules > Services tab.
- From the ESA Services list on the left, select a service.
The deployment stats for the selected service are displayed.
- (This option applies to NetWitness Platform version 11.3 and later.) In the Deployment view under the ESA Correlation service name, select the tab of the deployment you would like to view. For example, select the Deployment A tab to view the stats for deployment A. Select the Deployment B tab to view the status for deployment B.
- Review the following sections of ESA stats.
For a complete description of each statistic in each section, see Services Tab.
- Engine Stats
- Rule Stats
- Alert Stats
- In the Deployed Rule Stats, review details about the rules deployed on the ESA.
For a complete description of each column in each section, see Services Tab.
- If the rule is enabled or disabled
- What the rule name is
- The type of rule
- If the rule is running in Trial Rule mode
- Last detected
- Events matched
- The amount of memory used by the rule
- The percentage of the deployment CPU used by the rule (available in NetWitness Platform version 11.5 and later)
- To monitor overall memory usage and health of your ESA Correlation service, click Health & Wellness.
Enable or Disable RulesEnable or Disable Rules
- In the Deployed Rule Stats panel, select a rule from the grid.
- Click to enable the rule, or click to disable the rule.
The Services tab is refreshed to show the changes, which take effect immediately.
Refresh the StatisticsRefresh the Statistics
The Services tab does not update statistics automatically unless you enable or disable a rule. To ensure you view current statistics:
- Click in the upper right corner to refresh the information.
- View the updated information.