Highlighted
Mat1 Absent Member.
Absent Member.
1312 views

ESM "Dropped Events" messages

Hello,

I've noticed the following events in ESM (about 2-3 per minute):

Name: Dropped Events

Message: dropped oldest events to make room for more recent ones

Device Custom Number1.Drop Count: 300

They're coming from the ESM (original agen is ESM...).

I've also found that in the server.log file:

[2012-11-20 16:05:59,926][WARN ][default.com.arcsight.server.filestore.FileChannelStore][getFreeBlock()] 30YyxBjkBABCAAjK9ujZlAQ==.19uG5ATkBABC9M7MVM+ugxQ==: DroppedBatch=ackID=30YyxBjkBABCAAjK9ujZlAQ==.19uG5ATkBABC9M7MVM+ugxQ==.64124 itemCount=150 sent=false

Does anybody has already saw that ?

Does it really mean that the ESM is not writting all events to the DB ?

What are your common values for db insert/retrieval time ?

Thanks in advance

Labels (1)
Tags (2)
0 Likes
Reply
8 Replies
jack Absent Member.
Absent Member.

Re: ESM "Dropped Events" messages

Hi,

Do you know the solution to this problem?

Regards,

Jacek

0 Likes
Reply
Mat1 Absent Member.
Absent Member.

Re: ESM "Dropped Events" messages

Hi,

it comes form the Oracle poor performance (in our case, very poor). The DBA guys opened a ticket to Oracle, since backup takes also several hours, but sot far, no result.

One solution could be to migrate to ESM 6C.

0 Likes
Reply
Maxx Absent Member.
Absent Member.

Re: ESM "Dropped Events" messages

Hi,

do you have some updates to that problem?

I have this problem too.

regards

Maxx

0 Likes
Reply
Mat1 Absent Member.
Absent Member.

Re: ESM "Dropped Events" messages

If this related to ESM (not dropped events at the agent level), you have to check for you DB or SAN/disks performance, or to filter more events sent to ESM.

0 Likes
Reply
w531t41
New Member.

Re: ESM "Dropped Events" messages

any confirmation on whether this is an issue? I'm seeing this too.

0 Likes
Reply
Madgenius Regular Contributor.
Regular Contributor.

Re: ESM "Dropped Events" messages

Request to inspect or check the archives/ disk space. When at times during the low disk space situation for drive space access possibly this events are observed! I appreciate sharing more findings/ updates!

Ashokkumar
0 Likes
Reply
Senior Member.. djao
Senior Member..

Re: ESM "Dropped Events" messages

Hi there.

Can you get anything  in search field in ESM   for   19uG5ATkBABC9M7MVM+ugxQ?

I think it will be user ID  for forwarding connector.

Let me know if you found anything.

0 Likes
Reply
Community Manager COEST Community Manager
Community Manager

Re: ESM "Dropped Events" messages

Hello!

 I noticed that you posted a new comment to discussion posts which are pretty old. In fact this is the archive discussion board - if you have a new question or issues, I'd recommend to submit a new post to the ArcSight discussion board here: https://community.softwaregrp.com/t5/ArcSight-User-Discussions/bd-p/arcsight-discussions#.W5u8eaYzY2w

Hope this will help!

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.