Hello, 

Please your reply regarding this use case, 

Qradar On premise, Console Licensed to up to 10000 EPS, DR licensed to Up to 2000EPS.

1. What will happen if DR is configured ?
   1. the DR will not work ?
   2. the DR will replicate no more than 2000 EPS ?,
   3.  if yes how that 2000 EPS can be selected ?
2. If we configure a domain within the console with 2000 EPS, can DR will be deployed only for that domain ?

Any Feedback will be very appreciated. 

Thank You,

Kamal

------------------------------
Mohammed Kamal MOULINE
------------------------------

Hi Kamal,

First of all, why you are not checking the HA option with the Primary host at your Primary Site and the Secondary Host at you DR site?
As for your questions, please find my response:

1.1) It will work for up to 2000 eps
1.2) It will be like the primary site case with the 10K eps...If the eps exceeded , it will start dropping events.
1.3)you cant select the log sources which will consume the 2000eps

2)The DR license is irrelevant to which domain will be monitored as you can configure it on your own so if you have three domains A,B,C and you want to monitor only the Domain A by assigning it 2000eps , you can create the relevant Tenants A,B,C and configure there the limits you want.

Hello, 

Please your reply regarding this use case, 

Qradar On premise, Console Licensed to up to 10000 EPS, DR licensed to Up to 2000EPS.

1. What will happen if DR is configured ?
   1. the DR will not work ?
   2. the DR will replicate no more than 2000 EPS ?,
   3.  if yes how that 2000 EPS can be selected ?
2. If we configure a domain within the console with 2000 EPS, can DR will be deployed only for that domain ?

Any Feedback will be very appreciated. 

Thank You,

Kamal

------------------------------
Mohammed Kamal MOULINE
------------------------------

Hi IOANNIS, 

First of all  thank you for your reply.

Actually, in the primary site there are two AIO nodes in HA + 1 AIO node in DR. The problem is that the DR license is not the same as the ingestion license. 2000 vs 10000.

Regarding Your response 2. Is it possible to configure a Domaine limited to 2000 EPS, and configure the DR only for that one only this domain will be replicated to the AIO-DR ?

Even if on an AIO deployment ?

Thank You,

Hi Kamal,

First of all, why you are not checking the HA option with the Primary host at your Primary Site and the Secondary Host at you DR site?
As for your questions, please find my response:

1.1) It will work for up to 2000 eps
1.2) It will be like the primary site case with the 10K eps...If the eps exceeded , it will start dropping events.
1.3)you cant select the log sources which will consume the 2000eps

2)The DR license is irrelevant to which domain will be monitored as you can configure it on your own so if you have three domains A,B,C and you want to monitor only the Domain A by assigning it 2000eps , you can create the relevant Tenants A,B,C and configure there the limits you want.

Hello, 

Please your reply regarding this use case, 

Qradar On premise, Console Licensed to up to 10000 EPS, DR licensed to Up to 2000EPS.

1. What will happen if DR is configured ?
   1. the DR will not work ?
   2. the DR will replicate no more than 2000 EPS ?,
   3.  if yes how that 2000 EPS can be selected ?
2. If we configure a domain within the console with 2000 EPS, can DR will be deployed only for that domain ?

Any Feedback will be very appreciated. 

Thank You,

Kamal

------------------------------
Mohammed Kamal MOULINE
------------------------------