Cb Response: How to determine top noisy and chatty hosts and processes (5.x)

Environment

  • Cb Response: version 5.x

Objective

Output a ranked list of the "noisiest" hosts, processes, and parent processes that the Cb Response (version 5.x) cluster has event records for.

Resolution

  1. Determine which shards are present on the local node:
# cat /etc/cb/cluster.conf
  2. Run the following commands, replacing the "0" in the URL path (/solr/0/) with each local shard number:
Get list of "noisiest" hosts:
curl "http://127.0.0.1:8080/solr/0/terms?terms.fl=hostname&terms=true&terms.limit=50&indent=true" > "/tmp/$(hostname)_noisy_hosts.txt"

Get list of most common processes:
curl "http://127.0.0.1:8080/solr/0/terms?terms.fl=path_full&terms=true&terms.limit=50&indent=true" > "/tmp/$(hostname)_top_procs_pathfull.txt"

Get list of most common parent processes:
curl "http://127.0.0.1:8080/solr/0/terms?terms.fl=parent_name&terms=true&terms.limit=50&indent=true" > "/tmp/$(hostname)_top_parentprocs.txt"
  3. Repeat for all nodes.

Additional Notes

  • Resulting files will be available in /tmp
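
Each command above reports counts for a single shard, so a cluster-wide ranking means summing the saved outputs. The following is an added example, not part of the original article or of Cb Response: it assumes the saved files hold Solr's default XML terms response, and the function names and sample host names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample responses (not real data), one per shard, in the XML
# layout Solr's terms handler returns when no "wt" parameter is given.
SHARD_0 = """<response>
<lst name="responseHeader"><int name="status">0</int><int name="QTime">3</int></lst>
<lst name="terms"><lst name="hostname">
  <int name="build-srv-01">91000</int>
  <int name="ws-finance-07">12000</int>
  <int name="dc-02">8000</int>
</lst></lst>
</response>"""
SHARD_1 = """<response>
<lst name="responseHeader"><int name="status">0</int><int name="QTime">2</int></lst>
<lst name="terms"><lst name="hostname">
  <int name="build-srv-01">40000</int>
  <int name="dc-02">9000</int>
  <int name="kiosk-3">5000</int>
</lst></lst>
</response>"""


def parse_terms(xml_text, field):
    """Return {term: count} for one field of a saved terms response."""
    root = ET.fromstring(xml_text)
    node = root.find(f"./lst[@name='terms']/lst[@name='{field}']")
    if node is None:
        raise ValueError(f"no terms for field {field!r} in response")
    return {i.get("name"): int(i.text) for i in node.findall("int")}


def merge_shards(responses, field, top=10):
    """Sum per-shard counts into (term, total, in_every_list) tuples.

    in_every_list is False when a term is missing from some shard's list;
    terms.limit may have cut it off there, so its total can be an undercount.
    """
    totals, seen = Counter(), Counter()
    for xml_text in responses:
        for term, count in parse_terms(xml_text, field).items():
            totals[term] += count
            seen[term] += 1
    return [(t, n, seen[t] == len(responses)) for t, n in totals.most_common(top)]


if __name__ == "__main__":
    for term, total, complete in merge_shards([SHARD_0, SHARD_1], "hostname"):
        print(f"{total:>8}  {term}{'' if complete else '  (may be undercounted)'}")
```

To use it on real output, read each saved file from /tmp and pass the contents in place of the sample strings, with the field set to hostname, path_full, or parent_name to match the query that produced the file.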

Article Information
Creation Date: 01-07-2019