Configure Alerts for Worker Node Lag

When processing current or historical logs, an alert will be triggered when the worker node is falling behind the master node. How far behind can be configured in /opt/config/exabeam/tequila/custom/health.conf. The parameters are defined below:

RTModeTimeLagHours - During real-time processing the default setting is 6 hours.
HistoricalModeTimeLagHours - During historical processing the default setting is 48 hours.
syslogIngestionDelayHour - If processing syslogs, the default setting is 2 hours.

}

slaveMasterLagCheck {

     printFormats = {

          json = "{ \"lagTimeHours\": \"$lagTimeHours\", \"masterRunDate\": \"$masterRunDate\", \"slaveRunDate\": \"$slaveRunDate\", \"isRealTimeMode\": \"$isRealTimeMode\"}"

          plainText = "Worker nodes processing lagging by more than $lagTimeHours hours. Is in real time: $isRealTimeMode "

}

RTModeTimeLagHours = 6

HistoricalModeTimeLagHours = 48

}

limeCheck {

     syslogIngestionDelayHour = 1

}

Cloud-delivered Advanced AnalyticsExabeam Advanced Analytics Administration Guide

Table of ContentsTable of Contents

Configure Alerts for Worker Node Lag