000030486 - DB locking errors during alert ingestion and alert deletion in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030486
Applies ToRSA Product Set: Security Analytics

RSA Product/Service Type: Incident Management

RSA Version/Condition:

Platform: CentOS

O/S Version: EL6
IssueWhen Incident Management is ingesting alerts with a creating date of older than 5 minutes, deleting any alerts that include items from the last 5 minutes will cause a DB lock errors to be written to the /opt/rsa/im/im.log file: 
"com.mongodb.WriteConcernException: { "serverUsed" : "nn.nn1.nn2.nn3:27017" , "err" : "Lock not granted. Try restarting the transaction." , "code" : 16759 , "n" : 0 , "connectionId" : 375 , "ok" : 1.0}”
ResolutionThis issue has been permanently resolved in Security Analytics
WorkaroundThe alert will eventually be ingested and deleted after one of the operations is done. Ignore the errors in the /opt/rsa/im/im.log file.