Hi Mike,
My processor processes Windows text events like the one below and creates JSON 
out of them.
I am also applying a simple JoltTransformer (just Shift and Default) to 
convert it to a different JSON (no hierarchy).

The output has the following:
1. Original text
2. Converted JSON
3. JOLT transformed JSON
4. Failure


Steps in program:
1. Converting the event to a Java Map (using regex: "([^:=]*)[:=]([^:=]*)")
2. Map to JSON (using Gson)
3. Jolt transformation



Example event:

Examples of 4626
User / Device claims information.

Subject:
    Security ID:     %1
    Account Name:    %2
    Account Domain:  %3
    Logon ID:        %4

Logon Type:          %9

New Logon:
    Security ID:     %5
    Account Name:    %6
    Account Domain:  %7
    Logon ID:        %8

Event in sequence:   %10 of %11

User Claims:         %12

Device Claims:       %13

The subject fields indicate the account on the local system which requested the 
logon. This is most commonly a service such as the Server service, or a local 
process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common 
types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, 
i.e. the account that was logged on.

This event is generated when the Audit User/Device claims subcategory is 
configured and the user’s logon token contains user/device claims information. 
The Logon ID field can be used to correlate this event with the corresponding 
user logon event as well as to any other security audit events generated during 
this logon session.



Regards,
Milan Das


On 3/16/18, 10:56 AM, "Mike Thomsen" <[email protected]> wrote:

    Milan,
    
    Can you share some details about where you are running into problems? Like
    a basic description of what it's trying to do?
    
    On Fri, Mar 16, 2018 at 10:39 AM, Milan Das <[email protected]> wrote:
    
    > I have a custom processor, and it works as expected. But I feel there is some
    > performance measurement that needs to be done. I see that my processor is
    > actually queuing up records at source.
    >
    > Is there a way to run a load test and do performance measurement for a custom
    > processor?
    >
    >
    >
    > Regards,
    >
    > Milan Das
    >
    >
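
An added example, not code from this thread or from NiFi: a stand-alone Java harness for step 1 of the message above (event text to Map), assuming the quoted regex is applied one line at a time. It prefixes each key with its block so the Subject and New Logon fields, which share names in the 4626 layout, do not overwrite each other in a flat map, and then times the parse loop outside NiFi. The class name, the block prefixing and the run counts are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class EventParseBench {
    // The thread's pattern, matched against one whole line (assumption).
    // Lines whose value itself contains ':' or '=' do not match and are skipped.
    static final Pattern KV = Pattern.compile("([^:=]*)[:=]([^:=]*)");

    // Constructed sample in the layout of the 4626 text quoted above.
    static final String SAMPLE = String.join("\n",
        "Subject:",
        "    Security ID:     %1",
        "    Account Name:    %2",
        "",
        "Logon Type:          %9",
        "",
        "New Logon:",
        "    Security ID:     %5",
        "    Account Name:    %6",
        "",
        "The logon type field indicates the kind of logon that occurred.");

    static Map<String, String> parse(String event) {
        Map<String, String> out = new LinkedHashMap<>();
        String section = "";
        for (String line : event.split("\\R")) {
            Matcher m = KV.matcher(line);
            if (!m.matches()) continue;                 // prose and blank lines carry no key
            String key = m.group(1).trim(), val = m.group(2).trim();
            boolean indented = Character.isWhitespace(line.charAt(0));
            if (val.isEmpty()) { section = key; continue; }   // "Subject:" opens a block
            if (!indented) section = "";                        // a top-level field closes it
            out.put(section.isEmpty() ? key : section + "." + key, val);
        }
        return out;
    }

    public static void main(String[] args) {
        System.out.println(parse(SAMPLE));
        int warmup = 20_000, runs = 200_000;
        for (int i = 0; i < warmup; i++) parse(SAMPLE);       // let the JIT compile parse()
        long t0 = System.nanoTime();
        for (int i = 0; i < runs; i++) parse(SAMPLE);
        double sec = (System.nanoTime() - t0) / 1e9;
        System.out.printf("%d events in %.2f s (%.0f events/s)%n", runs, sec, runs / sec);
    }
}
```

Timing this step on its own, before adding the Gson and Jolt steps to the same loop, shows which of the three stages accounts for the queuing seen upstream of the processor.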
    

