000031895 - How to fix aggregation issues related to the Log Decoder ID in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031895
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Log Decoder
RSA Version/Condition: 10.3, 10.4
Platform: CentOS
O/S Version: EL5, EL6
IssueWhen aggregation between log decoder and concentrator is not working and getting error message similar to the one below:
Failed to initialize device 'x.x.x.x:50002' because log decoder ID meta type is not indexed by value in current language. Device aggregation is being stopped
ResolutionTo resolve the issue, remove the line below from the /etc/netwitness/ng/index-concentrator-custom.xml file and restart the nwconcentrator service.
<key description="Decoder Source" format="Text" level="IndexKeys" name="did"/>