Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
In case no events are appearing on Recon, please check the status of the kafka-scheduler on the Vertica node
Products
ArcSight Recon
Environment
Any version of the Recon capability deployed on a 2x.1 ArcSight Platform Suite cluster
Situation
Recon capability is not displaying events after running a query on the Search panel of Fusion.
Cause
One possible root cause for this is that the Vertica kafka-scheduler is not running.
To check on this, the following command can be executed:
ssh <Vertica_VIP>
cd <Install_Path_arcsight-db-tools>
./kafka_scheduler status
If the output ends with something like the below line:
No scheduler process information available
Then it means that the kafka-scheduler is not running.
Resolution
To solve this issue, execute the following commands:
ssh <Vertica_VIP>
cd <Install_Path_arcsight-db-tools>
./kafka_scheduler start
If everything is done correctly, the events should be processed by Vertica and, consequently, the cached events will begin to appear on Recon.
URL Name
KM000015748