How to clean up the MongoDB for the Incident Management Module in SA 10.4.0.2?
I have done this on the "Alert" part of the DB; it should be similar for the "Incident" tables.
SSH login on the ESA box
Log in to the mongo DB
Check how many alerts are stored: db.alert.aggregate( [ { $group: { _id: "$alert.source", count: { $sum: 1 } } } ])
Remove all the alerts: db.alert.remove()
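The procedure above, written out as an added example in the style of a mongo shell script (this is not code from the thread or from the SA product). It counts alerts per source with the same $group the replies use, removes only the documents that match an explicit filter instead of calling remove() with no query, and re-counts so the result can be checked. The functions take the `db` handle as an argument: inside `mongo im -u <user> -p <pass> cleanup.js` pass the shell's global `db`; here a small in-memory stand-in lets the file run offline. The date field name `alert.timestamp`, the sample documents and the FakeCollection class are assumptions made for the example.

```javascript
// Added example, not code from the thread: scoped cleanup of the ESA "im" alert
// collection. Works with the mongo 2.4-era shell (TokuMX 1.4.2) API used on the page.

// Resolve a dotted path such as "alert.source" inside a document.
function getPath(doc, path) {
  return path.split(".").reduce(function (o, k) {
    return o == null ? undefined : o[k];
  }, doc);
}

// Run the thread's aggregation and flatten { result: [{_id, count}], ok: 1 } into a
// plain { source: count } object. Newer shells return a cursor, handled via toArray().
function countBySource(coll, field) {
  var res = coll.aggregate([{ $group: { _id: "$" + field, count: { $sum: 1 } } }]);
  var rows = res.result ? res.result : res.toArray();
  var counts = {};
  rows.forEach(function (r) { counts[String(r._id)] = r.count; });
  return counts;
}

// Build a scoped remove filter instead of db.alert.remove() with no query.
// The date field name "alert.timestamp" is an ASSUMPTION; check the real schema first.
function buildRemoveFilter(source, cutoffDate) {
  var filter = { "alert.source": source };
  if (cutoffDate) filter["alert.timestamp"] = { $lt: cutoffDate };
  return filter;
}

// Count, remove the matching subset, count again. Returns both snapshots.
function cleanupAlerts(db, source, cutoffDate) {
  var before = countBySource(db.alert, "alert.source");
  var removed = db.alert.remove(buildRemoveFilter(source, cutoffDate));
  var after = countBySource(db.alert, "alert.source");
  return { before: before, removed: removed, after: after };
}

// ---- In-memory stand-in (assumed, for offline runs) ----
// Supports exactly what the functions above use: one $group/$sum:1 stage, and
// remove() with equality or $lt conditions on dotted paths.
function matches(doc, filter) {
  return Object.keys(filter).every(function (k) {
    var want = filter[k], have = getPath(doc, k);
    if (want !== null && typeof want === "object" && "$lt" in want) return have < want.$lt;
    return have === want;
  });
}

function FakeCollection(docs) { this.docs = docs.slice(); }

FakeCollection.prototype.aggregate = function (pipeline) {
  var group = pipeline[0].$group, path = group._id.slice(1), ids = {}, counts = {};
  this.docs.forEach(function (d) {
    var id = getPath(d, path);
    if (id === undefined) id = null;          // mongo groups missing fields under null
    ids[String(id)] = id;
    counts[String(id)] = (counts[String(id)] || 0) + 1;
  });
  var result = Object.keys(counts).map(function (k) { return { _id: ids[k], count: counts[k] }; });
  return { result: result, ok: 1 };
};

FakeCollection.prototype.remove = function (filter) {
  if (filter === undefined) throw new Error("refusing remove() without a query");
  var n = this.docs.length;
  this.docs = this.docs.filter(function (d) { return !matches(d, filter); });
  return { nRemoved: n - this.docs.length };
};

// Constructed sample data (not taken from the thread): five alerts, two sources.
var sampleAlerts = [
  { alert: { source: "Event Stream Analysis", timestamp: new Date("2015-01-10T00:00:00Z") } },
  { alert: { source: "Event Stream Analysis", timestamp: new Date("2015-01-20T00:00:00Z") } },
  { alert: { source: "Event Stream Analysis", timestamp: new Date("2015-02-03T00:00:00Z") } },
  { alert: { source: "Reporting Engine",      timestamp: new Date("2015-01-15T00:00:00Z") } },
  { alert: { source: "Reporting Engine",      timestamp: new Date("2015-02-02T00:00:00Z") } }
];

function demo() {
  var fakeDb = { alert: new FakeCollection(sampleAlerts) };
  // Drop ESA alerts older than 1 Feb 2015; Reporting Engine alerts are untouched.
  return cleanupAlerts(fakeDb, "Event Stream Analysis", new Date("2015-02-01T00:00:00Z"));
}

// In the real shell `db` is already bound to the "im" database; outside it, run the demo.
if (typeof db === "undefined") {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Two caveats when running this against the real ESA host: the shell must be opened against the `im` database with its credentials (as the replies below show, an unauthenticated shell on `test` gets "unauthorized"), and `db.alert.remove()` without a query wipes the whole collection, which later shell versions refuse outright; always pass a filter and compare the before/after counts.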
What's this?
[root@esa ~]# mongo
TokuMX mongo shell v1.4.2-mongodb-2.4.10
connecting to: test
> db.alert.aggregate( [ { $group: { _id: "$alert.source", count: { $sum: 1 } } } ])
Error: Printing Stack Trace
at printStackTrace (/data/package-rpm-el6/build/BUILD/tokumx-enterprise-1.4.2/src/mongo/shell/utils.js:37:15)
at DBCollection.aggregate (/data/package-rpm-el6/build/BUILD/tokumx-enterprise-1.4.2/src/mongo/shell/collection.js:660:9)
at (shell):1:10
Wed Feb 4 15:10:01.597 aggregate failed: { "ok" : 0, "errmsg" : "unauthorized" } at /data/package-rpm-el6/build/BUILD/tokumx-enterprise-1.4.2/src/mongo/shell/collection.js:661
[root@saesarchvr ~]# mongo im -u ****** -p ****** (replace ****** with user / password of the im database)
TokuMX mongo shell v1.4.2-mongodb-2.4.10
connecting to: im
> db.alert.aggregate( [ { $group: { _id: "$alert.source", count: { $sum: 1 } } } ])
{
    "result" : [
        {
            "_id" : "Reporting Engine",
            "count" : 32
        },
        {
            "_id" : "Event Stream Analysis",
            "count" : 39753
        }
    ],
    "ok" : 1
}
> db.incident.aggregate( [ { $group: { _id: "$incident.source", count: { $sum: 1 } } } ])
{ "result" : [ { "_id" : null, "count" : 4 } ], "ok" : 1 }
Last one is for incident. Sorry, I do not delete my base.
# mongo admin -u xxxxx -p xxxx
> use im
> db.alert.aggregate( [ { $group: { _id: "$alert.source", count: { $sum: 1 } } } ])
{
    "result" : [
        {
            "_id" : "Reporting Engine",
            "count" : 12011
        },
        {
            "_id" : "Event Stream Analysis",
            "count" : 50115
        },
        {
            "_id" : "Security Analytics Investigator",
            "count" : 1
        }
    ],
    "ok" : 1
}
> db.incident.aggregate( [ { $group: { _id: "$incident.source", count: { $sum: 1 } } } ])
{ "result" : [ { "_id" : null, "count" : 733 } ], "ok" : 1 }