Resolution | To resolve this issue you will need to go to the explore view of the ESA and change the setting by following the steps below.
- In the Security Analytics UI, navigate to Administration -> Services.
- Find the ESA service, click on the gear icon to its right, and select View -> Explore.
- In the directory structure that presents itself on the left, click the + next to CEP and then click the + next to Engine.
- Click on the cepEngine listing and the window on the right of the screen will populate with information.
- Search for the string UsingEventTime, which will be set to false, and change the setting to true.
 Once this setting is changed you will need to restart the ESA service with the steps below.
- In the Security Analytics UI, navigate to Administration -> Services.
- Find the ESA service, click on the gear icon to its right, and select Restart.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance. |