Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000032786 - Deployed Rule Memory Utilization shows 0 in Health and Wellness when Capture Time Ordering is enabled in RSA Security Analytics

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000032786
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: Health & Wellness, Event Stream Analysis (ESA), Security Analytics UI RSA Version: 10.6.0.0
Issue	Once StreamEnabled value is set to true (default value is false) for enabling Capture Time Ordering in ESA appliance, (Administration > Services > ESA > Explore > com.rsa.netwitness.esa > Workflow > Source > nextgenAggregationSource > StreamEnabled) the deployed ESA Rule Memory Utilization shows 0 in Health and Wellness. AverageBytesPerMeta in Administration > Services > ESA > Explore > com.rsa.netwitness.esa > CEP > Engine > cepEngine always shows 0 when StreamEnabled is true.
Resolution	This issue has been addressed in Security Analytics 10.6.0.1.
Workaround	Disable Capture Time Ordering in ESA. In the Security Analytics UI, select Administration > Services > ESA > Explore. Go to Workflow > Source > nextgenAggregationSource. Set the StreamEnabled attribute to false. Set the TimeOrdered attribute to false. If you disable Capture Time Ordering, you will lose the backlogged data, and events will no longer be ordered by capture time.
Notes	For more information on Capture Time Ordering, refer to the Security Analytics 10.6 User Guide.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links

000032703 - RSA Security Analytics 10.6.0.0 Known Issues Master List