When configuring a Reporting Engine rule, the user cannot see the Archiver in the available data sources.
This issue occurs when the Archiver data source is not properly added in the Security Analytics UI. The information stored in Security Analytics for the service and the information stored in reporting engine for the same service do not match.
Therefore, when a user creates a Reporting Engine rule in the Security Analytics UI, the SA Server skips the Archiver because it cannot identify the correct data source based on the information provided by the Reporting Engine.
This issue has been addressed in Security Analytics 10.5.1.2.
To resolve the occurrence, perform the steps below.
Log in to the Security Analytics UI as an administrative user.
Go to Administration > Services > Reporting Engine > View > Config > Sources.