IBM QRadar

Hello everyone,

we are experiencing an issue when trying to update UP 12 to UP13.

On every QRadar installation, both /var/log and /storetmp have 15 GB allocated by default. The SFS file we need to install is already over 5 GB in size.

The problem is that no matter where we place the SFS file (/var/log or /storetmp), once it is copied and we attempt to mount and start it, the available space drops below 10 GB. As a result, the update process cannot start showing the error message: 

[ERROR] The patch cannot start from the store partition.
Copy the SFS file to the /var/log directory or to another location that has sufficient disk space.

The error above appears, and the upgrade process does not proceed.

• Environment: QRadar 7.5.0 UpdatePackage 12 (Build 20250509154206)
• Allocated space: /var/log and /storetmp = 15 GB each
• SFS file: 750-QRADAR-QRSIEM-2021.6.13.20250718011446.sfs
• SFS file size: >5 GB (5367554048)
• After copying: less than 10 GB free → mount/start fails

Has anyone encountered this problem before? Is there a recommended workaround (e.g. using an alternative directory, resizing partitions, or another supported method) to successfully mount and run the SFS file?

Thank you in advance for your help!

Hello everyone,

we are experiencing an issue when trying to update UP 12 to UP13.

On every QRadar installation, both /var/log and /storetmp have 15 GB allocated by default. The SFS file we need to install is already over 5 GB in size.

The problem is that no matter where we place the SFS file (/var/log or /storetmp), once it is copied and we attempt to mount and start it, the available space drops below 10 GB. As a result, the update process cannot start showing the error message: 

[ERROR] The patch cannot start from the store partition.
Copy the SFS file to the /var/log directory or to another location that has sufficient disk space.

The error above appears, and the upgrade process does not proceed.

• Environment: QRadar 7.5.0 UpdatePackage 12 (Build 20250509154206)
• Allocated space: /var/log and /storetmp = 15 GB each
• SFS file: 750-QRADAR-QRSIEM-2021.6.13.20250718011446.sfs
• SFS file size: >5 GB (5367554048)
• After copying: less than 10 GB free → mount/start fails

Has anyone encountered this problem before? Is there a recommended workaround (e.g. using an alternative directory, resizing partitions, or another supported method) to successfully mount and run the SFS file?

Thank you in advance for your help!