Application shadows

Some years ago antivirus programs had some unfortunate impact on computer performance but they eventually got better and computers got faster. But now new annoying security things emerge from the shadows again this time in the form of Data Loss prevention and realtime logging. The impact is hard to measure as there sometimes are more than one product doing “things” to normal applications. Is there a way of measuring the impact of things like McAfee DLP?

The user experience is like running something with McAfee DLP enabled takes 5 minutes and without it takes 20 seconds. Could be saving a file or running Oracle Crystalball.

1 comment

  • 0
    Dominik Britz

    Hi Kåre,

    There is no dedicated metric for this. But, you could compare the performance of McAfee DLP systems with systems where it is not installed.

    The column Avg. IO latency (ms) in our dashboard Application Performance is what you are looking for. It's based on the calculation ProcIOLatencyReadMs x ProcIOReadCount + ProcIOLatencyWriteMs x ProcIOWriteCount. Please have a look at the uberAgent.json file in $SPLUNK_HOME$\etc\apps\uberAgent\default\data\models for field calculation details.
    If you want to have a look at the fields for themselves, you have two options:
    1. Build your own dashboard. Start with one of our searches and extend it to your needs
    2. Search in the raw data -> index=`uberAgent_index` sourcetype=uberAgent:Process:ProcessDetail
Please sign in to leave a comment.