IBM Security Guardium

 View Only

  • 1.  Investigation Dashboard And Quick Search Issue

    Posted Tue March 30, 2021 10:51 AM
    Hello all,

    Kindly i would like to ask about something related with enabling the Investigation Dashboard So, kindly be informed that I have in the Implementation (1 CM and 2 Collector) when i was checking the servers i found that the Investigation Dashboard of the 2 Collectors are working and there are data in the Dashboard in spite of i wasn't ran the Command of Quick Search yet and I didn't find any data in the Investigation Dashboard of the CM. So i ran the Command to enable the Quick Search for the Investigation Dashboard and the Command successes in one collector and the other ha unknown error as the attached screenshot

    and one more thing i found in the Utility Report Details that there are high values like mem of sniffer and number of exception so does these values may be the root cause of this issue or not.


    So, did any one see this issue before and what is the Recommendation to solve this issue and to get the Data un the Investigation Dashboard of the CM too ?


    Thank You.


    ------------------------------
    Moustafa Salah
    ------------------------------


  • 2.  RE: Investigation Dashboard And Quick Search Issue

    Posted Mon April 05, 2021 12:12 PM

    Investigation Dashboard should work by default, so there is no need to run the enable_quick_search CLI command in order to start it on new appliance.
    On CM Investigation Dashboard you should see your collectors activity. Please execute next command in CM CLI and provide your output:

    grdapi test_solr logToFile=false details=true

    Thank you



    ------------------------------
    ADIR BEN AMI
    ------------------------------

    Original Message


  • 3.  RE: Investigation Dashboard And Quick Search Issue

    Posted Mon April 05, 2021 12:12 PM

    Hello,

    Investigation Dashboard should work by default, so there is no need to run the enable_quick_search cli command in order to start it on new appliance.
    On CM Investigation Dashboard you should see your collectors activity. The Unit Utilization red status does not related to Investigation Dashboard.
    Please execute next command in CM CLI and provide your output: grdapi test_solr logToFile=false details=true

    Thank you



    ------------------------------
    ADIR BEN AMI
    ------------------------------

    Original Message


  • 4.  RE: Investigation Dashboard And Quick Search Issue

    Posted Thu April 08, 2021 04:39 AM
    Hello ADIR,

    thank you for your support, and I would like to inform you that i ran the command and i found that the Quick Search is disabled in one of the collector after that i ran the command "grdapi test_solr"to see the recommendation of this issue and i found that the recommendation was to enable Quick search into the collector manually and when i ran the command i found this Error
    "org.apache.torque.torqueException: java.sql.SQLIntegerityConstraintViolationExceptio:duplicate Entry '1' for key 'DM_HEADER_ID' failed to enable schedule for quick search"
    and the Investigation Dashboard is still get errors and the investigation Dashboard in the CM too doesn't contain any data.

    ------------------------------
    Moustafa Salah
    ------------------------------

    Original Message


  • 5.  RE: Investigation Dashboard And Quick Search Issue

    Posted Tue April 13, 2021 08:16 AM

    Hello,

    This looks like a specific issue that requires investigation and you should contact support.

    Thank you



    ------------------------------
    ADIR BEN AMI
    ------------------------------

    Original Message