Every 30 seconds, Carbon Black EDR Unified View gathers key health metrics from the managed clusters. It aggregates the collected statistics into reports every five minutes.
A five-day history of these reports is stored, beginning with the current time.
The following statistics are stored in each interval:
Average heartbeat time – The average time value it takes for the Carbon Black EDR Unified View server to query the API endpoint on the cluster.
Average query time – The average time value for all non-heartbeat queries that are made to the cluster. This value can be zero if no queries are made on the server.
The Cluster Management page provides a high-level overview of all the clusters within Carbon Black EDR Unified View. The overall health status of each cluster is determined by a combination of the average query time, heartbeat round-trip time, and number of errors. Health status is indicated by colored text as follows:
Green – Operational. Network communications to the Carbon Black EDR server are working properly and API calls can go through.
Yellow/Orange – Unstable. Can connect to the Carbon Black EDR server, but issues affecting network communication are detected. Possible cause might be failing SSL verification or query time delays.
Red – Unavailable. Cannot connect to the Carbon Black EDR server. Possible causes might be a wrong IP or blocked port.
In the Cluster Settings panel of the Cluster Management page, the five most recent errors that occurred when communicating with the server appear, in addition to the error count and time of the last query timeout.
By default, the Carbon Black EDR Unified View server stores the last 50 errors that occurred when the Carbon Black EDR Unified View server queried the cluster. You can change the default number of stored errors with the server configuration setting
UnifiedViewMaxNumberOfDbErrorLogs in cb.conf (see Server Configuration Settings).
To export these errors to a CSV file, click the icon next to the Recent Errors section heading.