SNYPR-EYE 1.3
User Guide
Date Published: 9/6/2019
Securonix Proprietary Statement
This material constitutes proprietary and trade secret information of Securonix, and shall not be disclosed to any
third party, nor used by the recipient except under the terms and conditions prescribed by Securonix.
The trademarks, service marks, and logos of Securonix and others used herein are the property of Securonix or
their respective owners.
Securonix Copyright Statement
This material is also protected by Federal Copyright Law and is not to be copied or reproduced in any form, using
any medium, without the prior written authorization of Securonix.
However, Securonix allows the printing of the Adobe Acrobat PDF files for the purposes of client training and
reference.
Information in this document is subject to change without notice. The software described in this document is
furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in
accordance with the terms of those agreements. Nothing herein should be construed as constituting an additional
warranty. Securonix shall not be liable for technical or editorial errors or omissions contained herein. No part of this
publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or
mechanical, including photocopying and recording for any purpose other than the purchaser's internal use without
the written permission of Securonix.
Copyright © 2019 Securonix. All rights reserved.
Contact Information
Securonix
14665 Midway Rd. Ste. 100
Addison, TX 75001
(855) 732-6649
Table of Contents
Introduction
   Documentation Conventions
   Supported Operating Systems
Get Started with the Dashboard
   Dashboard Components
Add an Environment
Add a Connection
Configure Sensors
Add an Asset
Add a Tenant
Configure SMTP
Configure SNMP
Configure Access Control
   Manage Users and Roles
   Add a User
   Add a Role
Mask an Entity/Role
Add a Certificate
Configure Alerts
Appendix A
   Environment
   Ingestion
   Analytics
Introduction
SNYPR-EYE is a monitoring tool that lets you view detailed information about the performance of your SNYPR deployment. It provides dashboards that give you visibility into many areas of your deployment, including:
• System Components: CPU, memory, and disk
• SNYPR Services: Tomcat, Apache, MySQL, NTP, and Syslog-ng
• Hadoop Services: HDFS, Kafka, HBase, Spark, and Zookeeper
• SNYPR Applications: Ingestion, enrichment, behavior profiling, and risk scoring
• Data Analytics: Violation trends
The SNYPR-EYE Console registers components, services, and jobs from the SNYPR-EYE Agent. The SNYPR-EYE Agent is deployed on each instance to monitor nodes and trigger alerts when a failure occurs. For example, an alert is triggered when a resource meets a pre-set threshold or a status change occurs for a service. You can set up alert notifications via email to the operations team responsible for monitoring the platform.
SNYPR-EYE supports two types of environments:
• Single tenant: A single-tenant environment serves a single customer. With single tenancy, each tenant has an independent database and instance.
• Multi-tenant: A multi-tenant environment serves multiple customers. Each tenant shares a database and application. The data for each tenant is isolated and remains invisible to other tenants.
Documentation Conventions
There are different font styles used throughout the SNYPR documentation to indicate specific information. The table below describes the common formatting conventions used in the documentation:
Convention | Description
Bold font | Words in bold can indicate the following: buttons that you need to click; fields in the user interface (UI); menu options in the UI; information you need to type or select.
 | Indicates commands or code.
Menu navigation | The navigation path to reach a specific screen in the UI is separated by a greater than symbol (>). For example, Menu > Administration.
UPPERCASE FONT | All uppercase words are acronyms.
Folders and folder paths | Quotation marks are used around a folder name or folder path. For example, “C:\Documents\UserGuide”.
Supported Operating Systems
SNYPR-EYE is supported on the following operating systems:
• CentOS 7.1+
• RHEL 7.1+
Get Started with the Dashboard
This section includes the following topics:
Dashboard Components
There are 4 main components on the Dashboard, including:
1. Application Statistics
The Application Statistics section shows statistics across your SNYPR environment. The following statistics are available:
Assets
The number of assets that are configured in your environment. Click the blue triangle next to the number of Assets to see a dashboard of server node specific information.
The Assets dashboard contains the following columns:
a. Click a specific asset to view the Assets Summary.
   • Memory: Relative percentages of Used, Available, and Total Memory of a particular node in a donut chart.
   • CPU: Visualizes the minimum, maximum, and average CPU percentage for a particular node in a line chart.
   • Disk: The percentage of Used, Available, and Total Memory size of the disk allocation on a particular node in donut chart format.
   • Mounted Drives: Details on the disk usage of all the mounted drives.
   • Disk I/O: Disk input/output.
b. Disk: The amount of disk storage currently in use for the asset.
c. CPU: The amount of CPU currently in use for the asset.
d. Memory: The amount of memory currently in use for the asset.
e. Services/Roles:
   • Services: The number of services that are running and installed.
     Example: If your Services button displays as 2/3, this means there are 2 services running and 3 services installed.
   • Roles: The number of roles assigned. Click to expand and view the nodes that are attached to the asset:
      ◦ Compute Node: Hadoop compute components.
      ◦ Search Nodes: Solr instances.
      ◦ Kafka Nodes: Kafka nodes.
      ◦ Admin Nodes: Admin nodes.
      ◦ Application Nodes: Web application server nodes.
The color of the node reflects the status of the Service/Role. The status colors include:
• Green: The service is running.
• Blue: The role is running.
• Red: The service failed.
Identities
The number of user identities configured in the SNYPR application. Click the blue triangle next to the number of Identities to see a list of Total Identities, Active Identities, In-Active Identities, and Licensed Identities.
Datasources
The number of datasources that are integrated and ingesting data into the environment.
Policies
The number of policies configured in the SNYPR application. For a multi-tenant environment, the sum of the policies configured for all the tenants in the environment will display.
Ingesters
A list of the ingesters that are configured in the environment to ingest data. Click the blue triangle next to the number of Ingesters to see which ingesters are running or stopped. An alert is generated when any of the ingesters are down.
Active Batches
The number of active batches for all the Spark applications in the environment. Click the blue triangle next to the number of active batches to see the details for each Spark application running in the environment.
Current EPS
The current events per second (EPS) for a tenant in a single-tenant environment. For a multi-tenant environment, the sum of all tenants will display. The value is updated every minute.
Today's Avg EPS
The current average EPS for a single-tenant environment. For a multi-tenant environment, the sum of all tenants will display. Click the blue triangle next to the number of Today's Avg EPS to see the EPS history.
The value is updated every hour.
Today's Peak EPS
The current peak EPS of a tenant in a single-tenant environment. For a multi-tenant environment, the sum of the current peak EPS of all tenants will display.
The value is updated every hour.
Licensed EPS
The total licensed EPS of the SNYPR application.
Memory Allocated
The total memory used by the Spark applications in the environment.
Core Allocated
The total CPU/Cores utilized by the Spark applications in the environment.
Hbase
The gigabyte (GB) size of the Hbase tables in the environment. Click the blue triangle next to the GB value to see a list of Hbase tables and their specific GB information.
HDFS
The size of the HDFS storage. Click the blue triangle next to the GB value to see specific details.
2. Hadoop Services
The health status of a Hadoop service is indicated by the following colors:
• Green: The service is running.
• Yellow: The service has an error.
• Red: The service is stopped.
• Gray: The service is not configured.
3. Application Alerts
The Application Alerts dashboard displays a list of alerts in your environment for the last 24 hours as well as historic alerts. By default, the alerts dashboard shows alerts with an open status from the past 24 hours. The alerts displayed in each section, Open, Acknowledged, or Resolved, are prioritized based on criticality as well as time of alert.
You can complete the following actions from the Application Alerts section:
a. Alert Status: Click to see alerts that are Open, Acknowledged, or Resolved. The alerts will move from one section to another based on the action taken by the operations engineer or if the alert is auto-resolved.
b. 24 Hour Alerts: Click to view alerts within the past 24 hours.
c. Calendar Icon: Click to select a date or date range.
d. Filter: Click to filter the alerts by Criticality, Types, Status, Assets, or Tenants.
e. Actions Icon: Click to respond to an alert. The following two options are available:
   • Acknowledge: Indicates that you plan to investigate the alert. Choose this option when the alert status is Open.
   • Resolve: Indicates that the alert is resolved. Choose this option when the alert status is Open or Acknowledged.
Additionally, when an alert status is either acknowledged or resolved, you can choose Create Incident to indicate that the alert is under further investigation.
4. Tenants Summary
The Tenant Summary displays information about the analytics running, the datasource publishing data in the environment, tenant details, and Spark application statistics.
Click the grid icon to choose how you want to view your data. The following options are available:
Events Monitoring
By default, the Tenants Summary will show this view. The following options are available:
a. Date Range: Select the date range for the events you want to view. The following options are available: Current Hour, Today, 5 Days, 15 Days, 1 Month, 3 Months, 6 Months, YTD, 1 Year.
b. Data Type: Choose whether to view Ingestion or Analytics data. If you choose Analytics, you have an option to display events by one or more policies.
c. Datasources: Select one or more datasources that you want to view. You can also Select All or Deselect All datasources.
d. Event Type: Select whether you want to view Published, Processed, Indexed, or Saved to HDFS events.
e. Category: Choose to view events by Event Count, Average EPS, or Peak EPS.
f. View: Select event data format. The following options are available:
   • Bar Chart
   • Heat Map
   • Tabular
Note: Analytics data is available only in bar chart format.
License Details
History
Add an Environment
Each environment can be configured to monitor a single SNYPR application, or in a multi-tenant environment, it can be configured to monitor multiple SNYPR applications. If required, multiple environments can be configured to support production, development, and quality assurance (QA) environments. Upon completion of a successful installation of the SNYPR-EYE Application, the first environment is set up, and you can view it when you click Configure > Environment.
Environment configuration requires Assets, Connections, and Sensor setup. To access your environment configurations, navigate to Configure > Environment. From here you can add new environments, nodes/assets, and connections. You can also modify and delete your existing Assets, Connections, and Sensors by selecting an existing environment, and then clicking the pencil icon (edit) or the red X (delete) in the Actions column.
To add an environment, do the following:
1. Navigate to Configure > Environment.
2. Click + on the top left of the screen.
3. Provide the following environment details:
a. Name: Specify a unique name for the environment. Note that the name cannot be changed once it is set up.
b. Hadoop Distribution: Specify the Hadoop distribution for the environment. For example, CLOUDERA/HORTONWORKS.
c. Architecture Type: Specify the architecture type.
4. Click Save.
Add a Connection
The connection details entered are used to retrieve the node information and deploy agents. This tab gives you an overview of your connections by Name and Type. You can also add a new connection by clicking the Add Connection button and completing the required information, and you can edit or delete a connection by clicking the icons under the Actions column.
To add a connection, do the following:
1. Navigate to Configure > Environment.
2. Click Add Connection.
3. Provide the following connection details:
a. Connection Type: Select one of the following supported connections:
   • Hortonworks
   • Cloudera
   • Resource-Manager
   • SOLR-Manager
   • AWS
b. Complete the following information:
   a. Name: Type the name of the connection.
   b. (Optional) Kerberos: Check the box to enable Kerberos in your environment.
   c. password: Provide the password information.
   d. protocol: Provide the protocol information.
   e. port: Provide the port information.
   f. host: Provide the host information.
   g. username: Provide the username information.
4. Click Save.
Configure Sensors
The Sensors tab allows you to add a sensor configuration.
To configure a sensor connection, do the following:
1. Navigate to Configure > Environment.
2. Click the Sensors tab and complete the following information:
a. Servers: Specify a list of server names, separated by commas.
b. Sensor Topic: Specify the sensor topic name.
c. (Optional) SSL:
d. (Optional) Kerberos:
3. (Optional) When SSL is enabled in your environment, provide the following information:
a. Upload Truststorefile: Click Choose File and specify the truststorefile.
b. Truststore password: Specify the truststore password.
c. Upload Keystorefile: Click Choose File and specify the keystorefile.
d. Keystore password: Specify the keystore password.
e. Key password: Specify the key password.
4. (Optional) When Kerberos is enabled in your environment, provide the following information:
a. Principal: Specify the service request name.
b. Keytab Path: Specify the keytab path.
5. Click Save.
Add an Asset
On the Assets tab, you can view the status of the assets in your environments, and add, edit, or delete your existing Assets.
The green icon next to an asset shows the status of the agent installed on the asset. Agents are deployed on each asset/node to monitor its health. After installation, you will see an option to deploy the agent for any asset on which the agent was not successfully deployed during the install process. Agent deployment is recommended to enable asset monitoring.
To deploy agents, click the edit icon, provide the credentials for the asset, enable Deploy agent, and then click Save. After successful installation of an agent on the asset, you will be redirected to the asset screen, where you can see the agent health.
To add an asset, do the following:
1. Navigate to Configure > Environment.
2. Click the Assets tab.
3. Click + Add Asset.
4. Provide the following asset details:
a. Hostname: Specify the hostname for the asset.
b. Instance type: Specify the instance type.
c. IP Address: Specify the IP Address.
d. Username: Specify the SSH (Secure Shell) username.
e. Password: Specify the SSH password.
5. (Optional) Deploy Agent: Set this to YES to make the agent report statistics for the asset.
Note: As a best practice, we recommend deploying the agents on the asset while adding the asset to enable asset monitoring.
6. Click Save.
You can always go back and edit the asset by clicking the edit icon (pencil icon) or delete the asset by clicking the red "x" icon under the Actions column.
Add a Tenant
The Tenants screen allows you to view the existing tenant details and configure the monitoring capability of the tenant. During the install process, a single tenant/SNYPR application is initially configured. You can view the status of the tenant on the Tenant configuration screen. Currently, adding tenants can be done from the back end, while monitoring can be set up from the UI after the tenant has been deployed in the environment.
To add or configure monitoring for tenants, follow the steps below:
1. Navigate to Configure > Tenants.
2. Click Add Tenant.
3. Complete the following Tenant Details:
a. Name: Specify the tenant name.
b. Description: Provide the client name.
c. Snypr War Version: Specify the SNYPR war version.
d. Snypr Console URL: Specify the SNYPR console URL.
e. Licensed EPS: Specify the licensed EPS for the tenant.
4. Click Next.
5. Complete the following Kafka Configuration details:
a. Kafka Servers: Specify a comma-separated server list.
b. Counts Topic: Specify the count topic name.
c. Control Topic: Specify the control topic name.
d. Ops Messages Topic: Specify the ops topic name.
e. (Optional) SSL: Check the box to enable the SSL connection. When SSL is enabled, you will need to provide the following information:
   • Upload truststorefile
   • Truststore password
   • Upload keystorefile
   • Keystore password
   • Key password
f. (Optional) KERBEROS: Check the box to enable Kerberos authentication. When Kerberos is enabled, you will need to provide the following information:
   • Principal: Specify the service request name.
   • Keytab Path
6. Click Next.
7. Complete the following Database Configuration details:
8. Click Test.
9. Click Save.
The Admin user can now validate the tenant configuration and delete tenant(s) from the Tenants screen.
As a best practice, it's recommended to validate your configuration after you add/modify your tenant(s). Ensure your configuration is valid by clicking the Validate Configuration button on the Tenants screen.
Click Ok to exit the pop-up window.
Configure SMTP
The SMTP (Simple Mail Transfer Protocol) screen is used in sending and receiving email.
To configure your SMTP connection details, do the following:
1. Navigate to Configure > SMTP.
2. Enter the following SMTP connection details:
a. SMTP Mail from: Specify the SMTP from mail address (e.g., [email protected]).
b. Send Alert Email To: Specify the recipient email address for alerts. This global email address is used if c, d, and e are not enabled.
c. Send Ingestion team Alert Email To: Set the toggle to YES and enter email address(es) separated by commas to send data ingestion alerts to a specific group of operations engineers. If this setting is not enabled, ingestion alerts will be sent to the email address(es) specified in step 2 b.
d. Send Environment team Alert Email To: Set the toggle to YES and enter email address(es) separated by commas to send data environment (infrastructure) alerts to a specific group of operations engineers. If this setting is not enabled, ingestion alerts will be sent to the email address(es) specified in section b.
e. Send Analytics team Alert Email To: Set the toggle to YES and enter email address(es) separated by commas to send data Analytics alerts to a specific group of operations engineers. If this setting is not enabled, ingestion alerts will be sent to the email address(es) specified in section b.
f. Send Incident support team Email To: Set the toggle to YES to create tickets or incidents directly in the support portal, which can create incidents via email messages.
g. SMTP Host: Specify the SMTP host name.
h. SMTP Port: Specify the SMTP port.
i. SMTP AUTH: To enable this option, set the toggle to YES and provide the following information:
   • SMTP username: Specify the SMTP authentication username.
   • SMTP Password: Specify the SMTP authentication password.
3. Click Save.
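The recipient fallback in items b through e can be checked offline before the settings are saved. The following is an added example, not part of the guide or of SNYPR-EYE: it models each team's alerts falling back to the global address from item b, and flags lists that would leave an alert type with no usable recipient. The dictionary keys, function names, sample addresses and the loose address syntax check are all assumptions made for illustration.

```python
import re

# Alert types as named in the guide's "Configure Alerts" section.
ALERT_TYPES = ("ingestion", "environment", "analytics")

# Loose syntax check (assumption): one "@", no spaces or commas, dotted domain.
ADDRESS = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")


def parse_recipients(raw):
    """Split a comma-separated field into (valid, rejected) address lists."""
    valid, rejected, seen = [], [], set()
    for item in (raw or "").split(","):
        addr = item.strip()
        if not addr:
            continue  # tolerate trailing or doubled commas
        if not ADDRESS.match(addr):
            rejected.append(addr)
        elif addr.lower() not in seen:
            seen.add(addr.lower())  # drop case-insensitive duplicates
            valid.append(addr)
    return valid, rejected


def resolve_recipients(cfg, alert_type):
    """Return (recipients, source); source is "team" or "global"."""
    if alert_type not in ALERT_TYPES:
        raise ValueError(f"unknown alert type: {alert_type}")
    team = cfg.get("teams", {}).get(alert_type, {})
    if team.get("enabled"):
        valid, _ = parse_recipients(team.get("to"))
        if valid:
            return valid, "team"
    # Toggle off, or on with nothing usable (assumed behaviour): global list.
    valid, _ = parse_recipients(cfg.get("send_alert_email_to"))
    return valid, "global"


def audit_routing(cfg):
    """List routing problems an operator would want to fix before saving."""
    findings = []
    _, bad_global = parse_recipients(cfg.get("send_alert_email_to"))
    findings += [f"global: malformed address {b!r}" for b in bad_global]
    for alert_type in ALERT_TYPES:
        team = cfg.get("teams", {}).get(alert_type, {})
        if team.get("enabled"):
            valid, bad = parse_recipients(team.get("to"))
            findings += [f"{alert_type}: malformed address {b!r}" for b in bad]
            if not valid:
                findings.append(
                    f"{alert_type}: toggle is YES but no usable address, "
                    "falls back to global")
        recipients, _ = resolve_recipients(cfg, alert_type)
        if not recipients:
            findings.append(f"{alert_type}: no recipient resolves")
    return findings


# Constructed sample settings (hypothetical keys and addresses).
SAMPLE_CFG = {
    "send_alert_email_to": "ops@example.com, OPS@example.com,",
    "teams": {
        # Semicolon instead of comma: the whole entry is rejected.
        "ingestion": {"enabled": True, "to": "ingest@example.com; oncall"},
        "environment": {"enabled": True,
                        "to": "infra@example.com, noc@example.com"},
        "analytics": {"enabled": False, "to": "analytics@example.com"},
    },
}

if __name__ == "__main__":
    for t in ALERT_TYPES:
        print(t, resolve_recipients(SAMPLE_CFG, t))
    for finding in audit_routing(SAMPLE_CFG):
        print("FINDING:", finding)
```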
Configure SNMP
Simple Network Management Protocol (SNMP) is an Internet standard protocol used to collect and organize information about managed devices on IP networks and modify that information to change device behavior.
To configure your SNMP traps connection details, do the following:
1. Navigate to Configure > SNMP.
2. Complete the following information:
a. SNMP Host: Specify the SNMP receiver host name.
b. SNMP Port: Specify the SNMP receiver port.
c. SNMP community: Specify the SNMP community.
d. SNMP Oid: Specify the SNMP OID.
3. Click Save.
Configure Access Control
Access Control configuration is used to set up new users or new roles and manage existing users and roles. Each user can be assigned specific roles based on access requirements. To configure these options, navigate to Configure > Access Control.
This section contains the following topics:
• Manage Users and Roles
• Add a User
• Add a Role
Manage Users and Roles
By default, you will be directed to the Manage Users screen.
From here, you can add a user, or use the icons under the Actions column to perform the following actions:
Icon | Action
 | Click this icon to change a user password.
 | Click this icon to edit the user name, first name, last name, and email address, and to modify the user's roles. Note: You cannot edit an admin user.
 | Click this icon to delete a user.
Add a User
To add a user, do the following:
1. Click + Add User.
2. Provide the following User Details:
a. User Name
b. Password
c. Re-Enter Password
d. First Name
e. Last Name
f. Email
3. Click Next.
4. Check the box next to the Role Name you want the user to be added to.
5. Click Save.
Add a Role
To add a role, do the following:
1. Click Manage Roles from the left side of the screen.
2. Enter the following Role Details:
a. authority: Specify the authority name.
b. Description: Specify the description of the role.
3. Select items you want for the role and move them to the right side of the multi-select box.
Tip: To select multiple items at once, click and drag over the items you need.
4. Click Save.
Mask an Entity/Role
With the Masking configuration, you can mask entity attributes and/or roles and mask all the attributes associated with the role.
To enable masking for an entity or role, do the following:
1. Navigate to Configure > Masking.
2. Set Masking to YES to enable masking.
3. Click the Entity or Role for which you want to mask one or more attributes.
A pop-up will display that allows you to select one or multiple attributes/roles to mask.
4. Select the attribute(s)/role(s) you want to be masked, then click the right arrow.
5. Click Save when you are done with your selection.
Add a Certificate
To add a certificate, do the following:
1. Navigate to Configure > Certificates.
2. Click Add Certificate.
3. Provide the following Certificate Details:
a. Country: Specify the country name used for signing certs.
b. State: Specify the state name used for signing certs.
c. Location: Specify the location used for signing certs.
d. Organization: Specify the organization name used for signing certs.
e. Organization Unit: Specify the organization unit name used for signing certs.
f. Common Name: Specify the common name used for signing certs.
g. Cert Expire Days: Specify the signing certs' expiration using numeric values only.
h. Ca Key Password: Specify the password for CA keystores.
i. Tkey Password: Specify the password for creating/using tenant keys.
j. Tstore Password: Specify the tenant keystores.
4. Click Create server certs.
Configure Alerts
SNYPR-EYE has three types of alerts:
• Ingestion: Ingestion alerts monitor any ingestion related statistics in the environment. For example, a spike or drop in data ingestion and Spark applications.
• Environment: Environment alerts monitor the assets and Hadoop services, SNYPR application services, and configuration changes to the environment.
• Analytics: Analytics alerts monitor any spike or drop in violations, and policy configuration changes.
To configure alerts, navigate to Configure > Alerts. From this screen, you can sort and filter alert information to customize how you organize and view your data. You can filter a column of data to isolate the key components you need by clicking the All Types, All Frequencies, or All Criticalities drop-down. You can also sort your alerts alphabetically in ascending or descending order by clicking a column header.
The following columns display:
a. Name: Hover your cursor over the information icon, on the right side of an alert name, to view a description of an alert.
b. Type: Displays the type of alert.
c. Criticality: Adjust the slider to change the criticality for an alert.
d. Frequency: Use the drop-down to update the frequency for an alert. This attribute works in sync with the alert Interval. For example, if the Frequency is set to Minute and the Interval is set to 5, this means the alert is checked and updated every 5 minutes.
e. Interval: Type a value to change the interval for an alert.
f. Threshold: Type a value to update the threshold for an alert.
g. Enable: Set to YES to enable an alert.
h. Web Notification: Set to YES to send Web notifications for an alert.
i. Email Notification: Set to YES to send email notifications for an alert.
j. Auto Resolve Email Notification: Set to YES to send email notifications for a good or resolved alert notification. By default, this setting is disabled. If required, it can be enabled.
Tip: Enable Auto-Resolved Email Notification only for critical alerts, otherwise you will receive alerts for all system-resolved alerts. This feature is useful when the SNYPR-EYE user interface (UI) is not used to monitor or manage alerts.
SNYPR-EYE has default alert configurations based on the recommended settings for all the alerts. For a complete list of default alerts, see Appendix A.
Appendix AThis appendix contains a list of pre-configured alerts for the environment, ingestion,and analytics.
SNYPR-EYE User Guide 54
Appendix A
EnvironmentThe following table lists and describes each of the available predefined environmentalerts:
SNYPR-EYE User Guide 55
Appendix A
Type Rule Description
Pre-setThr-esh-oldValu-e
Crit-ical-ity
Fre-que-ncy
Ou-t-of-th-e-boxSta-tus
Ser-viceMon-itoring
Java downJava ServiceHealth Status
0Hig-h
Minu-te
En-abl-ed
SNYPR-EYE User Guide 56
Appendix A
Type Rule Description
Pre-setThr-esh-oldValu-e
Crit-ical-ity
Fre-que-ncy
Ou-t-of-th-e-boxSta-tus
MySql downMySQLSer-vice HealthStatus
0Hig-h
Minu-te
En-abl-ed
SNYPR-EYE User Guide 57
Appendix A
Type Rule Description
Pre-setThr-esh-oldValu-e
Crit-ical-ity
Fre-que-ncy
Ou-t-of-th-e-boxSta-tus
Ssh downSSH ServiceHealth Status
0Hig-h
Minu-te
En-abl-ed
SNYPR-EYE User Guide 58
Appendix A
Type Rule Description
Pre-setThr-esh-oldValu-e
Crit-ical-ity
Fre-que-ncy
Ou-t-of-th-e-boxSta-tus
Ntp downNtp ServiceHealth Status
0Hig-h
Minu-te
En-abl-ed
Redis downRedis Ser-vice HealthStatus
0Hig-h
Minu-te
En-abl-ed
Syslog downSyslog Ser-vice HealthStatus
0Hig-h
Minu-te
En-abl-ed
Apache downApache Ser-vice HealthStatus
0Hig-h
Minu-te
En-abl-ed
SNYPRapplication
SNYPRApplicationHealth Inform-ation
0Hig-h
Minu-te
En-abl-ed
RIN downRemoteIngesterHealth Status
0Hig-h
Minu-te
En-abl-ed
SNYPR-EYE User Guide 59
Appendix A
Type Rule Description
Pre-setThr-esh-oldValu-e
Crit-ical-ity
Fre-que-ncy
Ou-t-of-th-e-boxSta-tus
DiskUsagein-formation
Disk util-ization
Disk Util-ization ForAn IntervalEx:Minute,Ho-ur,Day
80Med-ium
Minu-te
En-abl-ed
DiskUsagein-formation
Disk util-ization warn-ing
Disk Util-ization Warn-ing For AnIntervalEx:Minute,Ho-ur,Day
80Med-ium
Minu-te
Dis-abl-ed
MemoryUsag-einformation
Memory util-ization
Asset Util-ization CheckFor Interval
85Hig-h
Minu-te
En-abl-ed
MemoryUsag-einformation
Memory util-ization warn-ing
Memory Util-ization Warn-ing
80Med-ium
Minu-te
Dis-abl-ed
HeapUsageHeap util-ization
Asset Util-ization CheckFor Interval
90Hig-h
Minu-te
En-abl-ed
SNYPR-EYE User Guide 60
Appendix A
Type Rule Description
Pre-setThr-esh-oldValu-e
Crit-ical-ity
Fre-que-ncy
Ou-t-of-th-e-boxSta-tus
hdfssize HDFS size
Solr DiskSize For AnIntervalEx:Minute,Ho-ur,Day
80Med-ium
Minu-te
En-abl-ed
readioDisk read IOslow
Disk Io ReadDisk For AnIntervalEx:Minute,Ho-ur,Day
700Hig-h
Minu-te
En-abl-ed
writeioDisk write IOslow
Disk Io WriteDisk For AnIntervalEx:Minute,Ho-ur,Day
700Hig-h
Minu-te
En-abl-ed
latencyio Disk latency
Disk IoLatecy For AnIntervalEx:Minute,Ho-ur,Day
700Hig-h
Minu-te
En-abl-ed
SNYPR-EYE User Guide 61
Appendix A
Type Rule Description
Pre-setThr-esh-oldValu-e
Crit-ical-ity
Fre-que-ncy
Ou-t-of-th-e-boxSta-tus
cachewriteDisk cachewrite IO slow
Disk IoCache WriteFor An Inter-valEx:Minute,Ho-ur,Day
700Hig-h
Minu-te
En-abl-ed
bufferwriteDisk bufferwrite IO slow
Buffer WriteFor An Inter-valEx:Minute,Ho-ur,Day
700Hig-h
Minu-te
En-abl-ed
cpuutil
Cpu utilization
Cpu Util-izationHigher ThanThreshold
90Hig-h
Minu-te
En-abl-ed
Cpu utilizationwarning
Cpu Util-ization Warn-ing HigherThanThreshold
80Med-ium
Minu-te
Dis-abl-ed
| HadoopService | Hbase service health | Hbase Service Information | BAD | High | Minute | Enabled |
| | HDFS service health | Hdfs Service Information | BAD | High | Minute | Enabled |
| | Hive service health | Hive Service Information | BAD | High | Minute | Enabled |
| | Hue service health | Huestatus Service Information | BAD | High | Minute | Enabled |
| | Impala service health | Impala Service Information | BAD | High | Minute | Enabled |
| | Oozie service health | Oozie Service Information | BAD | High | Minute | Enabled |
| | Spark service health | Sparkstatus Service Information | NULL | High | Minute | Enabled |
| | Yarn service health | Yarn Service Information | BAD | High | Minute | Enabled |
| | Zookeeper service health | Zookeeperstatus Service Information | null | High | Minute | Enabled |
| | Kafka service health | Kafka Service Information | BAD | High | Minute | Enabled |
| | Kafka zookeeper service health | Kafka Service Information | null | High | Minute | Enabled |
| CacheMemory | Cache memory utilization | Cache Memory Utilization Higher Than Threshold | 90 | High | Minute | Enabled |
| SwapMemory | Swap memory utilization | Cache Memory Utilization Higher Than Threshold | 90 | High | Minute | Enabled |
| Compliance | Out of compliance from recommended standard: Impala database name config | Impala Database Name Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Impala table prefix config | Impala Table Prefix Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka enrichedTopic config | Kafka Enrichedtopic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka rawTopic config | Kafka RawTopic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka controlTopic config | Kafka ControlTopic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka countsTopic config | Kafka CountsTopic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka opsTopic config | Kafka OpsTopic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka violationTopic config | Kafka Violation Topic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka tier2Topic config | Kafka Tier2Topic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka indexerCountTopic config | Kafka IndexerCounts Topic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka previewTopic config | Kafka Preview Topic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka aeeTopic config | Kafka AeeTopic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka userTopic config | Kafka UserTopic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka accessTopic config | Kafka AccessTopic Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Solr collection name config | Solr Collection Name Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Default tenant name | Tenant Name Format Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Hbase namespace | Hbase Namespace Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: HDFS working directory | Hdfs Working Directory Configuration Not Matching Standard Compliance Value | | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr activity collection replication factor | Solr Activity Collection Replication Factor higher than threshold | Greater than 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr violation collection replication factor | Solr Violation Collection Replication Factor higher than threshold | Greater than 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr controlcore collection replication factor | Solr Controlcore Collection Replication Factor higher than threshold | Greater than 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr violation controlcore collection replication factor | Solr Violation Controlcore Collection Replication Factor higher than threshold | Greater than 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr activity collection #shards | Solr Activity Collection allocated number of Shards out of range | Between 2-5 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr violation collection #shards | Solr Violation Collection allocated number of Shards out of range | Between 2-5 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr controlcore collection #shards | Solr Controlcore Collection allocated number of Shards out of range | Between 2-5 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr violation controlcore collection #shards | Solr Violation Controlcore Collection allocated number of Shards out of recommended range | Between 2-5 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr dailyviolationsummary collection replication factor | Solr Dailyviolationsummary Collection Replication Factor out of recommended range | Between 1-2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr entitymetadata collection replication factor | Solr Entitymetadata Collection Replication Factor | Between 1-2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr entityrelation collection replication factor | Solr Entityrelation Collection Replication Factor | Between 1-2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr ipmapping collection replication factor | Solr Ipmapping Collection Replication Factor | Between 1-2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr lookup collection replication factor | Solr Lookup Collection Replication Factor | Between 1-2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr tpi collection replication factor | Solr Tpi Collection Replication Factor | Between 1-2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr users collection replication factor | Solr Users Collection Replication Factor | Between 1-2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr watchlist collection replication factor | Solr Watchlist Collection Replication Factor | Between 1-2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr whitelist collection replication factor | Solr Whitelist Collection Replication Factor | Between 1-2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr riskscore collection replication factor | Solr Riskscore Collection Replication Factor | 2 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr dailyviolationsummary collection #shards | Solr Dailyviolationsummary Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr entitymetadata collection #shards | Solr Entitymetadata Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr entityrelation collection #shards | Solr Entityrelation Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr ipmapping collection #shards | Solr Ipmapping Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr lookup collection #shards | Solr Lookup Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr tpi collection #shards | Solr Tpi Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr users collection #shards | Solr Users Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr watchlist collection #shards | Solr Watchlist Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr whitelist collection #shards | Solr Whitelist Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: solr riskscore collection #shards | Solr Riskscore Collection #Shards | Between 1-3 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka enrichedTopic #partitions | Kafka Enrichedtopic #Partitions | 50 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka rawTopic #partitions | Kafka Rawtopic #Partitions | 50 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka violationTopic #partitions | Kafka Violationtopic #Partitions | 50 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka aeeTopic #partitions | Kafka Aeetopic #Partitions | 50 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka tier2Topic #partitions | Kafka Tier2Topic #Partitions | 50 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka controlTopic #partitions | Kafka Controltopic #Partitions | 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka countsTopic #partitions | Kafka Countstopic #Partitions | 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka opsTopic #partitions | Kafka Opstopic #Partitions | 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka indexerCountTopic #partitions | Kafka Indexercounttopic #Partitions | 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka previewTopic #partitions | Kafka Previewtopic #Partitions | 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka userTopic #partitions | Kafka Usertopic #Partitions | 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka accessTopic #partitions | Kafka Accesstopic #Partitions | 1 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka publish threshold. | Kafka Publish Threshold. | 20000 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka linger ms config. | Kafka Linger Ms Config. | 1000 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka max message size config. | Kafka Max Message Size Config. | 10485760 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka raw compression batch size config. | Kafka Raw Compression Batch Size Config. | 1000-2000 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Kafka enriched compression batch size config. | Kafka Enriched Compression Batch Size Config. | 1000-2000 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Solr softEEOThreshold config. | Solr Softeeothreshold Config. | 10M-100M | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Solr softViolationThreshold config. | Solr Softviolationthreshold Config. | 10M-100M | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Solr activityCollectionThreshold config. | Solr Activitycollectionthreshold Config. | 100 | Low | Daily | Enabled |
| | Out of compliance from recommended standard: Solr batchSize config. | Solr Batchsize Config. | 500-2000 | Low | Daily | Enabled |
| ConfigRules | Resource group added | New Datasource Added To SNYPR Application | ADDED | Medium | Daily | Enabled |
| | Resource group deleted | Datasource Deleted From SNYPR Application | DELETED | Medium | Daily | Enabled |
| | Resource group config updated | Datasource Configuration Changed | UPDATED | Medium | Daily | Enabled |
| | Resource attribute added | New Datasource Attribute Added To SNYPR Application | ADDED | Medium | Daily | Enabled |
| | Resource attribute deleted | Datasource Attribute Deleted From SNYPR Application | DELETED | Medium | Daily | Enabled |
| | Resource attribute updated | Datasource Attribute Changed | UPDATED | Medium | Daily | Enabled |
| | Policy added | New Policy Added To SNYPR Application | ADDED | Medium | Daily | Enabled |
| | Policy deleted | Policy Deleted From SNYPR Application | DELETED | Medium | Daily | Enabled |
| | Policy config updated | Policy Configurations Updated | UPDATED | Medium | Daily | Enabled |
| | Policy might be misconfigured | Policy Misconfiguration Identified - Aee Violations Are High | 100000 | Medium | Minute | Enabled |
| | Hadoop config added | Hadoop Configuration Added For SNYPR Application | ADDED | Medium | Daily | Enabled |
| | Hadoop config deleted | Hadoop Configuration Deleted | DELETED | Medium | Daily | Enabled |
| | Hadoop config updated | Hadoop Configuration Changed | UPDATED | Medium | Daily | Enabled |
| | Activity import config added | Activity Import Added For SNYPR Application | ADDED | Medium | Daily | Enabled |
| | Activity import config deleted | Activity Import Configuration Deleted | DELETED | Medium | Daily | Enabled |
| | Activity import config updated | Activity Import Configuration Changed | UPDATED | Medium | Daily | Enabled |
| | Correlation rule added | New Correlation Rule Added For SNYPR Application | ADDED | Medium | Daily | Enabled |
| | Correlation rule deleted | Correlation Rule Configuration Deleted | DELETED | Medium | Daily | Enabled |
| | Correlation rule updated | Correlation Rule Configuration Changed | UPDATED | Medium | Daily | Enabled |
| | Config correlation rules added | New Config Correlation Rule Added For SNYPR Application | ADDED | Medium | Daily | Enabled |
| | Config correlation rules deleted | Config Correlation Rule Deleted | DELETED | Medium | Daily | Enabled |
| | Config correlation rules updated | Config Correlation Rule Changed | UPDATED | Medium | Daily | Enabled |
| | Config summarization added | New Config Summarization Added For SNYPR Application | ADDED | Medium | Daily | Enabled |
| | Config summarization deleted | Config Summarization Deleted | DELETED | Medium | Daily | Enabled |
| | Config summarization updated | Config Summarization Changed | UPDATED | Medium | Daily | Enabled |
| | License config added | New License Configuration Added In SNYPR Application | ADDED | Medium | Daily | Enabled |
| | License config deleted | License Configuration Deleted | DELETED | Medium | Daily | Enabled |
| | License config updated | License Configuration Changed In SNYPR | UPDATED | Medium | Daily | Enabled |
Ingestion
The following table lists and describes each of the available predefined ingestion alerts:

| Type | Rule | Description | Preset Threshold Value | Criticality | Frequency | Status |
| --- | --- | --- | --- | --- | --- | --- |
| Indexed | Drop in minute tenant indexed per rg #rgId | Eps Dropped Than Avgeps For An Interval | 0 | Low | Minute | Enabled |
| | Drop in hour tenant indexed per rg #rgId | Eps Dropped Than Avgeps For An Interval | 0 | Medium | Hourly | Enabled |
| | Drop in daily tenant indexed per rg #rgId | Eps Dropped Than Avgeps For An Interval | 0 | Medium | Daily | Enabled |
| | Hike in tenant indexed events per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Minute | Enabled |
| | Hike in hourly indexed per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Hourly | Enabled |
| | Hike in daily indexed per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Daily | Enabled |
| Ingested | Drop in daily tenant ingested per rg #rgId | Eps Dropped Than Avgeps For An Interval | 0 | Medium | Daily | Enabled |
| | Hike in ingested per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Minute | Enabled |
| | Hike in hourly ingested per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Hourly | Enabled |
| | Hike in daily ingested per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Daily | Enabled |
| Parsed | Drop in daily tenant parsed per rg #rgId | Eps Dropped Than Avgeps For An Interval | 0 | Medium | Daily | Enabled |
| | Hike in parsed per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Minute | Enabled |
| | Hike in hourly parsed per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Hourly | Enabled |
| | Hike in daily parsed per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Daily | Enabled |
| Published | Drop in daily tenant published per rg #rgId | Eps Dropped Than Avgeps For An Interval | 0 | Medium | Daily | Enabled |
| | Datasource publishing events silent for rg #rgId | Datasource Silent Eps Not Updated In Last Hour | 0 | High | Minute | Enabled |
| | Published EPS volume higher than licensed EPS | Current Eps Higher Than Licensed Eps | Licensed EPS | High | Hourly | Enabled |
| | Hike in published per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Minute | Enabled |
| | Hike in hourly published per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Hourly | Enabled |
| | Hike in daily published per rg #rgId | Eps Less Than Avgeps For An Interval | 0 | Medium | Daily | Enabled |
| | EPD published count #rgId exceeded limit | Events Indexed Is Higher Than Threshold | 5000000 | High | Daily | Enabled |
| | Datasource not publishing for rg #rgId | Datasource Is Not Publishing From Last Hour | NULL | High | Hourly | Disabled |
| SparkRules | #Active spark app batches high | No. Of Spark App Batches Exceed Threshold | 50 | Medium | Minute | Enabled |
| | Spark app batch process time high | No. Of Spark App Batches Exceed Threshold | 30 min | Medium | Minute | Enabled |
| | Spark app down | Spark App Job Killed Or Failed | appStatus:killed/failed | Medium | Hourly | Enabled |
| | Spark app batches high - Policy_Engine_AEE/IEE | No. Of Spark App Batches Exceed Threshold | 10 | High | Minute | Enabled |
| | Spark app batches high - Event_Enrichment | No. Of Spark App Batches Exceed Threshold | 10 | High | Minute | Enabled |
| | Spark app batches high - Event_Indexer | No. Of Spark App Batches Exceed Threshold | 10 | High | Minute | Enabled |
| | Spark app batches high - ThreatModel_RiskScoring_App | No. Of Spark App Batches Exceed Threshold | 10 | High | Minute | Enabled |
| DeviceAlert | Device level alert for rg #rgId | SNYPR Node Device Is Not Reporting | | Medium | Hourly | Disabled |
Analytics
The following table lists and describes each of the available predefined analytics alerts:

| Type | Rule | Description | Preset Threshold Value | Criticality | Frequency | Status |
| --- | --- | --- | --- | --- | --- | --- |
| Violation | Drop in minute tenant violation per rg #rgId | Current Violation Less Than 75% Of Avg Violations | 0 | Medium | Minute | Enabled |
| | Drop in hour tenant violation per rg #rgId | Current Violation Less Than 75% Of Avg Violations | 0 | Medium | Hourly | Enabled |
| | Drop in daily tenant violation per rg #rgId | Current Violation Less Than 75% Of Avg Violations | 0 | Medium | Daily | Enabled |
| | #Events dropped high #rgId | If Dropped Events >50% Of Total Events | 1.5 * eventsProcessed | High | Minute | Enabled |
| | #Events invalid high #rgId | SNYPR Invalid Events Count 50% Greater Than Processed Count | 1.5 * eventsProcessed | High | Minute | Enabled |
| | Hike in violation per rg #rgId | Hike In Violations More Than Avg For Min | 0 | Medium | Minute | Enabled |
| | Hike in hourly violation per rg #rgId | Hike In Violations More Than Avg For Min | 0 | Medium | Hourly | Enabled |
| | Hike in daily violation events per rg #rgId | Hike In Violations More Than Avg For Min | 0 | Medium | Daily | Enabled |