Unable to Export Logs From Investigate View
The version is 10.6.5.1. I have tried to export 10, 20 , 100 logs and the export feature does not work. I have also tried to query concentrators directly and then export them. The jobs section shows. Export is 'waiting' and never completes. I can query but not export any logs on my system.
This sounds similar to this KBA here : https://community.rsa.com/docs/DOC-53274
Usually, the "sdk.packets” permission is what's missing that blocks this, but I believe we show an error when that is the cause so it may not be relevant to your situation.
Regardless, can you check that your role has the necessary permissions to export raw data? You should also check that the service account your system uses for aggregation (i.e.: the account you use to add a decoder to a concentrator for aggregation, or a concentrator to a broker, etc.) has these permissions, as well.
I have checked and the users have permission to export raw data. This problem is being faced by users intermittently in our environment. The users are able to export data most of the times but intermittently this stops working for the same users.
Can you point me to some other checks I should make to have this fixed?