What are the steps to be checked if data is not showing in the Log analyzer dashboard?

Gireesh · April 1, 2021, 6:53am

Follow the below steps to troubleshoot the issue -

We need to check whether elastic search is accessible or not by using http[s]://[hostname]:[port]/
Example: http://localhost:9200/
Make sure SapphireES and SapphireIMSLogAnalyzer services are running.
Verify data collection is happening or not using following URL http[s]://[hostname]:[port]/_cat/indices
Example: http://localhost:9200/_cat/indices
Verify Raw Data collected or not in another tab
If Raw data is collecting data then verify the Errors in LogAnalyzer.log in following path SapphireIMS\Plugins\LogAnalyzer\log, we may come across errors like indexnotfound.
To recreate the template, using command prompt run “run.bat” in following path SapphireIMS\Plugins\LogAnalyzer\upgrade\DREC\
Delete the current index which gets recreated automatically by using following command in command prompt in administrator mode
“curl.exe -XDELETE http[s]://[hostname]:[port]/[indexname]”
Example: “curl.exe -XDELETE http://localhost:9200/”
Index we can get from accessing URL as mentioned in #3 ( Example: http://localhost:9200/_cat/indices ) and curl.exe can be obtained from location (SapphireIMS\Plugins\LogAnalyzer\bin)

Topic	Replies	Views
Endpoint is physically up, but it is showing as down in SapphireIMS. How to troubleshoot this? Discovery, Inventory and Compliance how-to	497	April 14, 2021
What needs to be checked if AD OU list and Users are not importing using Cloud Connector plugin? User Management how-to , faq	570	June 1, 2021
Which logs to be validated if automation jobs got failed in agent side? General how-to	323	March 8, 2021
How to Generate Network Captures for Troubleshooting? General how-to	591	December 16, 2021
Does SapphireIMS figure out machines which are missing agent vs actual available machines in organization using some reconciliation method? Agent-based Discovery faq	334	March 1, 2021