Hey SA Community:
I want to bring a minor but possibly common misconfiguration to your attention regarding Security Analytics Warehouse and Warehouse Connector. Recently I've come across this misconfiguration a few times, so I thought it would be good to let you all know about it.
In this scenario, when freshly installing 10.3 SP1 or performing an upgrade from 10.2, for those environments with Security Analytics Warehouse, there have been a few instances of Warehouse Connector 10.3 SP1 being installed fresh with a new SA deployment or else during an upgrade from 10.2.X performing a straight install of Warehouse Connector 10.3 SP1 rather than using this RPM as an upgrade.
Should this happen you can expect the Source and Destination to be configured properly and error-free, however, when creating the Stream the installer may receive the following error message:
"Failed to execute .: <unspecified file>(1): expected object or array.Incomplete stream will be deleted"
If you find this scenario during a fresh install or upgrade of SA, the solution is very simple:
1) Uninstall Warehouse Connector 10.3 SP1
2) Install Warehouse Connector 10.3
3) Upgrade Warehouse Connector from 10.3 to 10.3 SP1
If you have any questions on this post, please let me know.