Security Analytics searches may fail if searching outside of your capture and/or meta data window

book

Article ID: 169121

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

Resolution

If a search is done on Security Analytics for data that is older than the beginning of capture data or before the sensor started capturing any data, the gaugefs process may crash.  The monitoring service will automatically restart the gaugefs process, but you may notice a hiccup in the process or possibly will not get any results back.  Confirm that the start and end date for the search you are performing is within the capture and/or meta data window.

You can confirm if the segfaults are happening by using this command:  grep -i segfault /var/log/messages

This is fixed in Security Analytics version 7.2.x and later.