search cancel

Security Analytics searches may fail if searching outside of your capture and/or meta data window


Article ID: 169121


Updated On:


Security Analytics



If a search is done on Security Analytics for data that is older than the beginning of capture data or before the sensor started capturing any data, the gaugefs process may crash.  The monitoring service will automatically restart the gaugefs process, but you may notice a hiccup in the process or possibly will not get any results back.  Confirm that the start and end date for the search you are performing is within the capture and/or meta data window.

You can confirm if the segfaults are happening by using this command:  grep -i segfault /var/log/messages

This is fixed in Security Analytics version 7.2.x and later.