Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000031895 - How to fix aggregation issues related to the Log Decoder ID in RSA Security Analytics

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000031895
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: Log Decoder RSA Version/Condition: 10.3, 10.4 Platform: CentOS O/S Version: EL5, EL6
Issue	When aggregation between log decoder and concentrator is not working and getting error message similar to the one below: Failed to initialize device 'x.x.x.x:50002' because log decoder ID meta type is not indexed by value in current language. Device aggregation is being stopped
Resolution	To resolve the issue, remove the line below from the /etc/netwitness/ng/index-concentrator-custom.xml file and restart the nwconcentrator service. <key description="Decoder Source" format="Text" level="IndexKeys" name="did"/>

Attachments

Outcomes

0 Comments

Recommended Content