Security Analytics searches may fail if searching outside of your capture and/or meta data window
Article ID: 169121
Products
Security Analytics
Issue/Introduction
Resolution
If a search on Security Analytics covers data that is older than the beginning of the capture data, or a time before the sensor started capturing any data, the gaugefs process may crash. The monitoring service will automatically restart the gaugefs process, but you may notice a brief interruption, or the search may not return any results. Confirm that the start and end dates of the search you are performing fall within the capture and/or meta data window.
You can confirm whether the segfaults are happening by using this command:
grep -i segfault /var/log/messages
This is fixed in Security Analytics version 7.2.x and later.
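The grep check above matches segfaults from any process. The following added example (not part of the original article or the product) narrows it to gaugefs and prints the timestamp of each crash so it can be compared with the time a search was run. It assumes the traditional syslog line layout and the standard Linux kernel segfault message; the function names, the host name and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list gaugefs segfaults recorded in a syslog-format file.

# Print "Mon DD HH:MM:SS" for every kernel line reporting a gaugefs segfault.
# Matching "gaugefs[PID]: segfault" skips crashes of other processes and
# lines that merely mention gaugefs.
gaugefs_segfault_times() {
    log="${1:-/var/log/messages}"
    awk 'tolower($0) ~ /gaugefs\[[0-9]+\]: segfault/ { print $1, $2, $3 }' "$log"
}

# Count the gaugefs segfaults in the same file.
gaugefs_segfault_count() {
    gaugefs_segfault_times "$1" | wc -l | tr -d ' '
}

# Write a constructed sample log (not real product output) to the given path.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 02:14:07 sa-sensor kernel: gaugefs[4211]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffd5a1c3b60 error 4 in gaugefs[400000+2f1000]
Mar  3 02:15:00 sa-sensor sshd[1200]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Mar  3 09:41:52 sa-sensor kernel: otherproc[77]: segfault at 8 ip 0000000000401a2c sp 00007ffe11223340 error 6 in otherproc[400000+1000]
Mar  4 11:02:33 sa-sensor kernel: gaugefs[5120]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffd5a1c3b60 error 4 in gaugefs[400000+2f1000]
EOF
}
```

On a sensor, call `gaugefs_segfault_times` with no argument to read /var/log/messages; a timestamp that lines up with a search outside the capture window points to the issue described here.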