Offline Report Cluster Architecture - Management

Introduction

This article discusses Logsign's offline report and management in a clustered environment.

Spark Technology

Spark is an open-source framework designed to perform faster analysis.

Logsign Offline Report

Logsign stores the large data archive logs it needs for offline reports using Hadoop technology. When the Offline Report process is initiated, Hadoop archives data is presented to the offline-worker service.

Offline Worker and Offline Master services are the services used for offline report.

Logsign Offline Master

The Offline Master service manages the Spark Master service in the background, which manages the Spark-worker services that re-index the fragmented and distributed archive logs using the processing power of the workers.

The Offline Master service should only be on one server.

Logsign Offline Worker

Manages the Spark worker service in the background, which is the actual service that processes the log for offline reports.

Spark worker services support working with multiple services, and their performance is directly proportional to server and hardware capabilities. In other words, the more Spark worker services you open, the faster the offline report process.

During processing, Spark worker services can use a lot of CPU and RAM, depending on the compressed data ratio.

1.png

To increase Spark worker services, you should use the cluster panel. You can increase the Spark worker services by clicking the Edit button on servers with Offline worker.

2.png

The number of Spark worker services is distributed by CPU multiplier. One Spark worker means one CPU usage.

3.png

 

When the process is finished, click the Save Plan button and run the apply_plan script on the terminal screen.

4.png

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.