000031894 - Archer is reporting an unspecified parsing error in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017

Article Content

Article Number: 000031894

Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Archiver
RSA Version/Condition: 10.3.x, 10.4.x
Platform: CentOS
O/S Version: EL6

Issue:
Errors similar to the example below are seen when running reports on the Archiver.
There was an unspecified parsing error.
Input(time='2015-Oct-31 18:30:00'-'2015-Nov-02 18:29:59')&&(device.type=symantecav).

Cause:
The meta key "device.type" specified in the error message is missing from the index-archiver-custom.xml.

Resolution:
Add the meta key "device.type" to the index-archiver-custom.xml and restart the nwarchiver service.
Make sure that aggregation has started before running the report again; otherwise you will get an error message about the SDK.
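
To confirm which meta key a failing report depends on before editing the index, the following added example (not part of the original article or RSA tooling) extracts the keys from the error's Input string and compares them with the keys declared in an index file. The sample XML is constructed, and the `<language>`/`<key name="...">` layout, the function names and the treatment of `time` as built in are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample index file; the <language>/<key name="..."> layout is an assumption.
SAMPLE_INDEX = """<language level="IndexNone" defaultAction="Auto">
  <key description="Source IP" format="IPv4" level="IndexValues" name="ip.src"/>
  <key description="Device IP" format="IPv4" level="IndexValues" name="device.ip"/>
</language>"""

# Query text copied from the error message in this article.
ERROR_INPUT = ("(time='2015-Oct-31 18:30:00'-'2015-Nov-02 18:29:59')"
               "&&(device.type=symantecav)")

# An identifier immediately followed by a comparison operator is treated as a meta key.
KEY_RE = re.compile(r"([A-Za-z][A-Za-z0-9_.]*)\s*(?:!=|<=|>=|=|<|>)")

# Assumption: the report time range is not a custom-indexed key, so it is skipped.
BUILTIN = {"time"}

def query_meta_keys(query):
    """Return the meta keys referenced in a query string."""
    no_literals = re.sub(r"'[^']*'", "''", query)  # drop quoted values first
    return set(KEY_RE.findall(no_literals)) - BUILTIN

def indexed_keys(index_xml):
    """Return the key names declared in one index XML document."""
    root = ET.fromstring(index_xml)
    return {k.get("name") for k in root.iter("key") if k.get("name")}

def missing_keys(query, *index_docs):
    """Keys used by the query that none of the supplied index documents declare."""
    declared = set()
    for doc in index_docs:
        declared |= indexed_keys(doc)
    return query_meta_keys(query) - declared

if __name__ == "__main__":
    for key in sorted(missing_keys(ERROR_INPUT, SAMPLE_INDEX)):
        print(f"not indexed: {key}")
```

Pass the contents of every index file the Archiver loads, not only the custom one, so that keys declared elsewhere are not reported as missing.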