000026504 - How to stop aggregation for an RSA Security Analytics device using the Device Explorer view.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026504
Applies ToRSA Security Analytics
RSA NetWitness NextGen
Device Explore
IssueHow to stop aggregation for an RSA Security Analytics device using the Device Explorer view.
How to stop aggregation if the Stop aggregation button doesn?t work?
Alternative way to stop aggregation using device explorer view.
ResolutionIn rare circumstances, the "Stop Aggregation" capability may not respond or may not successfully stop aggregation at an appliance.  If this happens, there is a simple alternative way to send the Stop Aggregation command via the Device Explorer view, as shown in the steps below.

  1. Within Security Analytics (SA) navigate to the Administration -> Devices page. Select the appropriate device (Broker, or Concentrator) and navigate to the View -> System. Proceed to try to Stop Aggregation.
  2. Proceed to View -> Logs, and see if Aggregation Threads have completed successfully.
  3. If aggregation does not respond appropriately, navigate to the Device Explorer view, i.e. View -> Explore
  4. Proceed to Right-Click on the '/Concentrator' tree, and select 'Properties'
  5. Select from the Properties drop-down to send the Stop or Start commands. Once selected, proceed to issue the Send button to send the command.
  6. Select to View -> Logs, and confirm that the aggregation threads have completed.
  7. Proceed to reverse these procedures if you need to start aggregation.

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa68023