Donnerstag, 28. April 2016

SmartEvent shows no new events

Product
SmartEvent / Eventia Analyzer
Version
R75.45, R75.46, R75.47, R77.10, R77.20, R77.30

 Symptoms
  • SmartEvent shows no new events, even though logs are being produced and analyzed by the Correlation Unit.
  • postgres process appears as 'idle'.
  • cpsemd.elg shows:
    "Error: Failed to insert/update event in database".
  • cpsemd.elg shows:
    "ERROR: new row for relation "seam_event_XX" violates check constraint "cons_rowid"".
  • cpsemd.elg shows (Windows Server 2008):
     CSeamApplication::_CloseLastPartition() - Failed to get num of rows from partition db
 CSeamApplication::_InitDBPartitions() - failed to close the last partition.
 Cannot create partitions in db
  • All other processes are working fine.

Cause
SmartEvent server's virtual partition for events in the database became full, but did not automatically create a new partition within the database.

This happened due to a wrong database partition generation configuration file being used after SmartEvent was upgraded.


Solution
Note: This article is not relevant for NGSE. In NGSE, there is no SQL DB.

Note: The commands below are using a variable for CPshrd-R7x.xx. This needs to be replaced with the correlating path for YOUR version. DO NOT COPY and PASTE this command directly. For help on determining your version, via command line (expert mode) run #echo $CPDIR to see what CPshrd-Rxx resolves to.

Follow these steps on the involved SmartEvent server:
  • On Gaia / SecurePlatform OS (in Expert mode):
    [Expert@HostName]# evstop
[Expert@HostName]# /opt/CPshrd-R7x.xx/database/postgresql/bin/psql -U cp_postgres -p 18272 -f $RTDIR/conf/partition.sql events_db
[Expert@HostName]# /opt/CPshrd-R7x.xx/database/postgresql/bin/psql -U cp_postgres -p 18272 events_db -c "select * from generate_new_partition(100000);"
[Expert@HostName]# evstart
  • On Windows OS (in Command Prompt):
    C:>\ evstop
C:>\ cd /d "%CPDIR%\database\postgresql\bin\"
C:\...\postgresql\bin> psql.exe -U cp_postgres -p 18272 -f "%RTDIR%"\conf\partition.sql events_db
C:\...\postgresql\bin> psql.exe -p 18272 -c "select * from generate_new_partition(100000);" -U cp_postgres events_db
C:>\ evstart
Eingestellt von um

Keine Kommentare:

Kommentar veröffentlichen

Abonnieren Kommentare zum Post (Atom)