000036997 - Data used from a large reporting engine list will fail investigation due to a URI character limitation in RSA NetWitness Logs & Network

Document created by RSA Customer Support Employee on Dec 7, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036997
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 10.6.6, 11.0
IssueWhen you have a large Reporting Engine List and use the list to populate data in an investigator it will fail due to URI character limitation.

414 Request-URI Too Large
ResolutionThis has been resolved in RSA NetWitness version 11.1 and will be resolved in RSA Security Analytics version 10.6.7.  In the fixed version, we have a limit of 8192 characters to store this list. If the list goes outside of this range, we throw a limit exception. This limit value has been set based on performance testing. If the list has exceeded this limitation, it is suggested to re-evaluate how and where the list can be split.