000037837 - "Recent" queries do not show in Investigate > Navigate in RSA NetWitness version 11.3.0.1

Document created by RSA Customer Support Employee on Aug 19, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037837
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: NetWitness UI
RSA Version/Condition: 11.3.0.1
Platform: CentOS
O/S Version: 7
IssueIn RSA NetWitness version 11.3.0.1, the "Recent" queries do not appear in Investigate > Navigate.
ResolutionThe issue will be fixed in 11.3.1.1.
Until the fix becomes available, please apply the workaround below.
Workaround
  1. Run the following commands from an SSH session of the node zero server:

    # mongo investigate-server -u deploy_admin -p <mongo password> --authenticationDatabase admin 

    > db.predicate.drop() 

    > db.userPredicate.drop() 

    > exit


    - The "predicate" collection contains the queries ran.
    - The "userPredicate" collection contains the users who ran each query. 
    - By dropping both collections, it clears out who ran which query. 
     
  2. Log in to the RSA NetWitness UI and check within Investigate > Navigate if the "Recent" queries are being saved.

 
NotesIf needed, to find the <mongo password> above, run the following command from an SSH session of the node zero server: 

# security-cli-client --get-config-prop --prop-hierarchy nw.security-client --prop-name platform.deployment.password --quiet


If this does not solve your issue, please open a case with RSA Technical Support and reference this article so that we may better assist you.

Attachments

    Outcomes