Mapping - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

For Services, the remote method calls from user-defined services (your XML services) are all under
services.RemoteObjectService. Under that it puts the name of the service (such as EMap in the
above example) and if asked, the name of the method (getMapPK in the above example).
When a request such as a DAS query is received by a server, a task is created and scheduled. The
task is then assigned to a thread pool for execution. There can be more than one thread pool and a
thread pool can service multiple services. For that reason, a request needs to wait for an available
thread even if the service is not heavily used. If the statistics indicate that the wait time for a request
is long and the number of requests for that service is low, check the information about the thread
pools.
The numbers next to an entry are the sum for all its children. For example, requests 15 means that
there are 15 requests for all requests method calls. Under that, requests.configurations 1 means that 1
of the 15 are to configurations, requests.esecurity.correlation.config 2 means that 2 of the 15 are to
esecurity.correlation.config, and so on.
DAS Statistics Window
Figure 10-9
The number of requests is especially useful, because you can see where requests are going or where
they are concentrated. The # waiting information is useful because it shows how busy the server is.
That number should be small. If it is large, new requests (even for simple tasks) need to wait for
potentially slow ones. The average run time is very important because it shows which requests are
actually taking all the time, as opposed to waiting for others.

10.7 Mapping

A map is a collection of values and keys defined in a CSV or text file. You can enrich your data by
using maps to add additional information to the incoming events from your source device. This
additional information can be used for correlation and reporting.
You can create your custom maps in addition to the default maps available. You can use event
mapping, which allows you to add additional data to an event by using data already present in the
event and by referencing and pulling data from an outside source. For more information, see
Section 10.8, "Event Configuration," on page 249 and Section 10.8.1, "Event Mapping," on
page 249.
NOTE: In order to do mapping, your file must be pointing to a
configuration.xml
communication server that has DAS_Binary and DAS_Core connected to it. This is normally the
case by default, as long as the communication server and DAS processes are running.
Administration 239