search cancel

"Query could not be executed..." when navigating to Search -> Events

book

Article ID: 173786

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

When navigating to the Search -> Events section in the Symantec Endpoint Detection and Response (SEDR) console, the error listed below is displayed instead of the page.  The error may also be displayed when navigating to the Related Events of an Incident, or when attempting to navigate to Logging

Initial error:

Query could not be executed, please revise your search and/or check your network connection

When viewing the javascript console, the follow error is noted:

Kibana consolidated error messages[{
        "type": "info",
        "content": "Index Patterns: \nIn order to visualize and explore data in Kibana,\nyou'll need to create an index pattern to retrieve data from Elasticsearch.\n",
        "icon": "info-circle",
        "title": "Debug",
        "lifetime": 15000,
        "actions": ["accept"],
        "info": {
            "version": "6.1.2",
            "buildNum": 16363
        },
        "count": 1,
        "timeRemaining": 15,
        "timerId": {
            "$$state": {
                "status": 0
            },
            "$$intervalId": 6
        },
        "stacks": [null],
        "$$hashKey": "object:46"
    }, {
        "type": "danger",
        "content": "Authorization Exception",
        "icon": "warning",
        "title": "Error",
        "lifetime": 300000,
        "actions": ["report", "accept"],
        "stack": "Error: Authorization Exception\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:61:151667\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:61:155112\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:61:161556\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:61:160796\nAngularConnector.prototype.request/<@https://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:55:29074\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:132456\nscheduleProcessQueue/<@https://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:133349\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:144239\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:147007\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:100015\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:104697\ncreateHttpBackend/</[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:105435\n",
        "info": {
            "version": "6.1.2",
            "buildNum": 16363
        },
        "count": 1,
        "timeRemaining": 300,
        "timerId": {
            "$$state": {
                "status": 0
            },
            "$$intervalId": 15
        },
        "stacks": ["Error: Authorization Exception\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:61:151667\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:61:155112\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:61:161556\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:61:160796\nAngularConnector.prototype.request/<@https://<SEDR IP/HOSTNAME>/kibana/bundles/kibana.bundle.js?v=16363:55:29074\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:132456\nscheduleProcessQueue/<@https://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:133349\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:144239\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:147007\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:100015\[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:104697\ncreateHttpBackend/</[email protected]://<SEDR IP/HOSTNAME>/kibana/bundles/commons.bundle.js?v=16363:29:105435\n"]
    }
]commons.bundle.js: 55: 216753

 

Cause

During setup, Kibana failed to properly create the configuration index.

Resolution

Please contact Symantec Technical Support for assistance resolving this issue.