IBM QRadar

Hi everyone,

I was test the eps limit feature of tenant management. I was set the EPS limit to 0 or 1, then assign that tenant to domain which have event of AIO Collector (the only EC). But the EPS in lisence pool management or in AQL Query is not decrease according to my setting, doesn't even changed.
pls help me.

Hi Bao,

The tenant EPS limit does not affect the EPS limit shown in license pool management. The value shown in license pool management reflects what the uploaded license key states is the EPS limit, the overall system is always entitled to that amount regardless of how any tenants are configured. License-based EPS is enforced early in the event pipeline, before parsing. Tenant EPS limits are enforced after parsing (since it is only at this time that the system has enough information to know which domain (and thus which tenant) an event belongs to. This is done by creating tenant-specific queues sized to reflect the tenant EPS limit. So you've effectively created a bottleneck downstream in the pipeline that limits EPS to 1, but the earlier license enforcement stage will still allow data through at the rate defined by the amount of EPS license allocated to the host in License Pool Management.

Hi everyone,

I was test the eps limit feature of tenant management. I was set the EPS limit to 0 or 1, then assign that tenant to domain which have event of AIO Collector (the only EC). But the EPS in lisence pool management or in AQL Query is not decrease according to my setting, doesn't even changed.
pls help me.

Dear Mr CoLin,

Thanks for your support,

Now I have known that the EPS rate in license pool management is not show me a eps limit of tenant management.Could you please advise if there is a method to verify whether the tenant's EPS limit has been effectively applied? Are there any specific statistical data or metrics that can be referenced to confirm the enforcement of the EPS limit for the tenant?
I tried some sollution but it isn't working. 
By using AQL Query for domain:

By grep tenant in qradar.error and qradar.log:

But no sollution can give a number according to my config.
Waiting for your response.

Thanks and best regards.

Bao

Hi Bao,

The tenant EPS limit does not affect the EPS limit shown in license pool management. The value shown in license pool management reflects what the uploaded license key states is the EPS limit, the overall system is always entitled to that amount regardless of how any tenants are configured. License-based EPS is enforced early in the event pipeline, before parsing. Tenant EPS limits are enforced after parsing (since it is only at this time that the system has enough information to know which domain (and thus which tenant) an event belongs to. This is done by creating tenant-specific queues sized to reflect the tenant EPS limit. So you've effectively created a bottleneck downstream in the pipeline that limits EPS to 1, but the earlier license enforcement stage will still allow data through at the rate defined by the amount of EPS license allocated to the host in License Pool Management.

Hi everyone,

I was test the eps limit feature of tenant management. I was set the EPS limit to 0 or 1, then assign that tenant to domain which have event of AIO Collector (the only EC). But the EPS in lisence pool management or in AQL Query is not decrease according to my setting, doesn't even changed.
pls help me.