Hortonworks Cybersecurity Platform
Also available as:
PDF
loading table of contents...

Tune the PCAP Panel UI

The PCAP panel provides a graphical user interface to explicitly define the parameters used in the pcap query. You can modify three parameters to adjust the output of the PCAP panel query: YARN queue, pcap page size, pcap threadpool. Changes to these three parameters change the output for all PCAP panel queries.

  1. If you want to configure pcap query jobs for submission to a YARN queue, you can modify the pcap YARN queue in Ambari.
    Navigate to Metron/Rest and adjust the PCAP Yarn Queue field value.
    If you configure this field, the REST application will set the mapreduce.job.queuename Hadoop property to the value you specify.
  2. If you want to modify the number of pcaps per page, you can modify the pcap page size in Ambari.
    Navigate to Metron/Rest and adjust the PCAP Page Size field value.
    By default, this value is set to 10 pcaps per page. You may choose to set this value higher based on observing frequently-run query result sizes. Depending on the size of your pcaps, the number or results typically returned, page sizing, and available CPU cores for running your REST application, you can improve your performance by adjusting the number of files that can be written to HDFS in parallel. This setting works in conjunction with the property for setting finalizer threadpool size when optimizing query performance.
  3. If you want to specify the number of threads, you can modify the finalizer threadpool size in Ambari.
    Navigate to Metron/Rest and adjust the Finalizer Threadpool Size field value.
    By default, this value is set to "1". Generally speaking, you should see a performance gain when you set this value to anything higher than 1. You can achieve a sizeable increase in performance, especially for larger numbers of files of smaller size, by increasing the number of threads. This property is parsed as a String to allow for more complex parallelism values. In addition to normal integer values, you can specify a multiple of the number of cores. If it's a string and ends with "C", then strip the C and treat it as an integral multiple of the number of cores. If it's a string and does not end with a C, then treat it as a number in string form.