Last, but not Least

TL;DR

Monitoring in Stream exposes more than simple resource metrics. Admins can see exactly how much data flows through each Data Route and Pipeline, from each Source, or to each Destination. This is all shown in bytes per second as well as events per second in order to help users understand their observability Pipeline.

Monitoring pages are a dime a dozen: resource utilization made pretty. Your first view of the Stream Monitoring page is no different.

important

Click Monitoring in the top nav
NOTE: If the security-cidr-lookup.csv window is still open, you'll need to close it before navigating to Monitoring.

A nice addition here is the total events per second in / out and bytes per second in / out. These are common metrics that SIEM vendors use for licensing. Having them displayed front and center in Stream gives you visibility into what exactly Stream is doing for your IT and Security data.

Those are some nice graphs, but what really stands out here is the Data sub-menu. If we hover over it, we can choose which parts of Stream we specifically want to see our data flowing through. Routes is a good place to look.

important
  1. Hover over Data in the top left sub-nav
  2. Click Routes in the hover menu

Now these graphs are getting interesting. Note the different flow of data into each Route. Our raw2s3 Route has more data than, say, the palo2ITElastic Route. Also, there is more data coming in than there is going out on the palo2ITElastic Route. This is due to a Pipeline that makes good use of sampling and dropping of erroneous data (which are only two of the many ways to reduce your data in Stream).

Feel free to continue to poke around here, but as far as this ‘fly-by’ is concerned, that’s about it. All that’s left is to entice you to continue your journey with us by completing some more courses.