Advanced Analytics i57 is only available for Exabeam cloud-delivered offerings. Please contact Exabeam Sales or your account executive for additional information.
Stuck and Failed Parser Detection
To keep Log Ingestion and Messaging Engine (LIME) running, your system detects stuck and failed parsers early and pauses them.
Parsers use regular expressions to extract data from logs. If these regular expressions are incorrect, parsers can enter an infinite loop and get stuck, or fail with a non-timeout exception. Sometimes, parsers can also get stuck when it can't parse incorrect input data. When parsers fail or get stuck, LIME stops working because it can't move forward until the previous parser is done processing.
Now, if a parser takes too long to process, a mechanism pauses those parsers to keep your system running. If the parser exceeds a configured time limit, your system fails the parser with a timeout exception, logs the error at a
DEBUG security level, and notes the parser in internal error statistics. Your system periodically checks the error statistics to identify any parsers that have accumulated more than a certain number of errors, then pauses them.
After your system pauses a stuck or failed parser, you can view the parser in the list of paused parsers under System Health. You do not receive a system health alert when a stuck or failed parsers is paused, but you will continue to receive a system health alert when a slow parser is paused.
Exabeam Documentation: Paused Parsers
Exabeam Documentation: View Paused Parsers
Histograms Optimized for Better Stability
To stabilize your system and keep it running, histograms now consume less memory.
Previously, histograms used up to half of the Analytics Engine's long-term memory. Of the memory histograms used, two-thirds was attributed to its data structure. To free memory on your system and keep important services running, histograms now use a data structure that consumes less memory. With this new data structure, your system uses less heap space in Java and runs out of memory less frequently.
Health Checks Refined for Cloud-Delivered Deployments
In System Health, you only see the relevant health checks for cloud-delivered deployments. You no longer see health checks that apply only to hardware or virtual deployments.