000031813 - How to purge the VLC shovel queue in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5

Article Content

Article Number: 000031813
Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Virtual Log Collector (VLC), Security Analytics UI
Platform: CentOS
Tasks: This article addresses how to purge the data in the data queues if they are consuming the bandwidth between a remote Log Collector and a Local Log Collector.
Resolution: To purge the data in the shovel queue, follow the steps below.
  1. Connect to the Virtual Log Collector (VLC) via SSH as the root user.
  2. Issue the command below.
curl -s --user 'admin:netwitness' 'http://<VLCIP>:50101/event-broker?msg=purge&force-content-type=text/plain&expiry=600&<shovel.queue.name<%20%20>>'

  • VLCIP = The Virtual Log Collector IP address
  • shovel.queue.name = The name of the shovel queue that you want to purge. You can get it from the Explore view of the VLC, as shown in the snapshot below.
  • This example assumes that the default admin password is in use.
User-added image

Notes: Remember to replace the *underscore* "_" with the *dot* "." as per the command above.