Performance Tuning

The speed of a regex is crucial for the stability of the ingestion engine. A single high-volume log source that hits a single parser that takes 70 ms to parse a single log will severely degrade performance. Starting with Advanced Analytics I48, parsers that impact the ingestion process as a whole will be automatically disabled.

In many cases, this occurs because the regex was designed to be as broadly tuned as possible and performs several lookaheads in the log. If a log line is large, a single regex in a parser that tries to look through most, if not all, of the log will cause the ingestion engine to slow down and eventually disable the parser.
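
The effect described above, as an added illustration that is not Exabeam parser code: Python's `re` module stands in for the ingestion engine's regex engine, and the log format, field names, and both patterns are constructed for the example. It times a lookahead-heavy pattern against an anchored one as the log line grows.

```python
import re
import time

# Constructed sample format: a short key=value header, then a free-text payload.
HEADER = "ts=2024-01-01T00:00:00Z user=alice src_ip=10.0.0.5 action=login "

def make_log(payload_len):
    """Build one single-line log whose payload is `payload_len` characters."""
    return HEADER + "msg=" + "x" * payload_len

# Broadly tuned: each lookahead runs `.*` to the end of the line and then
# backtracks to find its key, so every field costs a pass over the whole log.
BROAD = re.compile(
    r"(?=.*user=(?P<user>\w+))"
    r"(?=.*src_ip=(?P<src_ip>[\d.]+))"
    r"(?=.*action=(?P<action>\w+))"
)

# Tightly tuned: anchored at the start and consuming the fields in their known
# order, so the engine never reads past the header.
TIGHT = re.compile(
    r"^ts=\S+ user=(?P<user>\w+) src_ip=(?P<src_ip>[\d.]+) action=(?P<action>\w+)"
)

def parse(pattern, line):
    """Return the extracted fields, or None when the line does not match."""
    m = pattern.search(line)
    return m.groupdict() if m else None

def ms_per_log(pattern, line, runs=20):
    """Best-of-`runs` wall-clock time for one parse, in milliseconds."""
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        pattern.search(line)
        best = min(best, (time.perf_counter() - start) * 1000)
    return best

if __name__ == "__main__":
    # Broad cost grows with the size of the log line; tight cost stays flat.
    for size in (1_000, 16_000, 64_000):
        line = make_log(size)
        print(f"{size:>6} chars  broad={ms_per_log(BROAD, line):.4f} ms  "
              f"tight={ms_per_log(TIGHT, line):.4f} ms")
```

Both patterns extract the same fields; only the amount of the log line each one has to read differs, which is what a per-log timing check surfaces before a parser goes into production.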