QRadar Data Node Appliance

As Platin Bilisim, we are able to install QRadar products to our customers and aim for maximum performance.

The main task of the Data Node module in QRadar deployment is to increase the storage and search performance of the product.


The Data Node is connected to the Event or Flow Processors in the QRadar Deployment. QRadar automatically shares the data reached to the Event / Flow Processors between the processor and data nodes. For example, consider a deployment that arrives at the Event Processor at 20 000 EPS (event per second). When we add Data Node to this deployment, the event processor will see the appropriate data node and automatically start to share the data. If there is one EP (event processor) and 3 data nodes in this deployment, the data sharing will be as follows:

Event Processor: 5000 EPS

Data Node1: 5000 EPS

Data Node2: 5000 EPS

Data Node3: 5000 EPS

Event Processor will be able to perform the search function as it gains storage space after sharing all the incoming events.

An Event / Flow Processor can be connected to more than one Data Node according to need. This allows an unlimited expansion in the horizontal. However, a Data Node cannot connect to more than one Event or Flow Processor.


To add the Data Node to your QRadar Deployment, your QRadar version must be 7.2.2 and higher. Since this version is a very old version, all of our customers fulfill this requirement.