Enforce Shows System Event Code 1818 - "Incident is oversized"
Article ID: 161913
Updated On:
Products
Issue/Introduction
Enforce GUI displays System Event Code 1818: Incident is oversized, has been persisted with a limited number of components and/or violations.
========================
Example - System Overview
========================
Warning 4/15/15 2:28 AM Enforce Server 127.0.0.1 1818 Incident is oversized, has been persisted with a limited number of components and/or violations
==========================
Example - Server Event Details
==========================
General
Type: Warning Time: Apr 15, 2015 2:28:37 AM
Server: Enforce Server Host: 127.0.0.1
Message
Code: 1818
Summary: Incident is oversized, has been persisted with a limited number of components and/or violations
Detail: Incident is oversized, has been partially persisted with messageID <messageID>, Incident File Name <Incident Filename>
============================
Example 1 - IncidentPersister_0.log
============================
Apr 15, 2015 2:28:26 AM (SEVERE) Thread: 1630 [com.vontu.incidenthandler.message.persist.convert.v12.MessageComponentProcessor.createComponentsAndIncidents] Violations beyond 500 have been discarded for incident ID: <incidentID> per max.violation.per.message property value
Apr 15, 2015 2:28:37 AM (SEVERE) Thread: 1630 [com.vontu.incidenthandler.message.persist.IncidentPersistingThread.cleanupIncidentFile] Over
============================
Example 2 - IncidentPersister_0.log
============================
Feb 12, 2025 10:20:56 AM (WARNING) Thread: 138 [com.vontu.incidenthandler.message.persist.convert.v16.MessageComponentProcessor.createComponentsAndIncidents] Violations beyond 500 have been discarded for incident ID: <incidentID> per max.violation.per.incident property value
Feb 12, 2025 10:20:56 AM (INFO) Thread: 138 [com.vontu.incidenthandler.message.persist.IncidentPersistingThread.cleanupIncidentFile] Oversized incident retention is disabled, incident file discarded: <incident Filename>
Cause
A very large incident file with a high volume of message components and/or violations (matches) was presented to Enforce. Large incident files will be persisted with only a limited numbers of violations and components into the Oracle Database; the rest of the violations and components will be discarded (not persisted in Database).
This is intended functionality and is working as designed.
Resolution
The following options can be changed in IncidentPersister.properties to adjust the incident thresholds, respectively.
Default Values:
max.violation.per.message = 500
max.component.per.message = 500
Please Note that "max.component.per.message" is the only one available by default in the config files.
# max.component.per.message is the maximum number of message components in an incident.
# The default value for max.component.per.message = 500
max.component.per.message = 500
You could also add the "max.violations.per.message" to the file in order to alter the max value for the violations as seen below.
# max.component.per.message is the maximum number of message components in an incident.
# The default value for max.component.per.message = 500
max.component.per.message = 500
max.violations.per.message = 500
(Disclaimer: Changing the incident thresholds beyond the default values will require additional processing and resources which will affect performance accordingly.)
Feedback
