|Applies To||RSA NetWitness NextGen|
RSA NetWitness NextGen 8.6
RSA NetWitness Concentrator
RSA NetWitness Administrator
|Issue||Error message "Index org.src has exceeded value threshold" on RSA NetWitness appliances.|
While utilizing the system you may find the performance is degrading and checking the concentrator.log file you find multiple entries per day similar to the examples below.
|Cause||This issue occurs because the default values for the domain and organization index keys need to be adjusted.|
Utilize NetWitness Administrator to connect to the concentrators and edit the file index-concentrator.xml via the "File Configuration Editor". Locate the key descriptions"Source Domain", "Destination Domain", "Source Organization", and "Destination Organization". Modify these entries to the following:
Once the edits have been saved the concentrator will need to be restarted. Do the following to restart the concentrator. Stop all aggregation via the NetWitness Administrator. Ensure all aggregation is stopped by checking the log file for "Aggregation threads have completed".
Then perform a "Restart Server" from the "System Settings" screen for the concentrator. Check whether or not aggregation starts after the service comes back up and start it manually if it doesn't.
|Legacy Article ID||a58578|