Error occurred / No data available on Analyze > Summary page
search cancel

Error occurred / No data available on Analyze > Summary page


Article ID: 238594


Updated On:


Security Analytics Security Analytics - VA


The reports from Analyze -> Summary will not return values if the captured packets are not indexed.  Releases previous to 8.2.1 required extended startup time for the indexing process after a reboot on systems with larger packet capture databases.  The startup timeout must be extended to correct this.

The startup process has been streamlined and there are also health tests to check for and notify the administrators if the indexing process (shaft) has failed.


Release : 7.3.6


There are some systems with very large packet capture filesystems and the indexing process (shaft) may be canceled if it takes too long to start.


To correct this, the number of seconds configured in TimeoutStartSec must be extended.  This allows the shaft indexing process to get started before it is deemed to have failed and killed.

  1. Login as root to the command line.
  2. Edit /etc/systemd/system/solera-shaft.service.  
  3. Change  the TimeoutStartSec from 600s to 1800s.  This is the amount of time in seconds the systemd startup process waits before giving up on the module. 
  4. Save the changes.
  5. Run 'scotus stop' 
  6. Run 'scotus start'  - Restarting could take more than 30 minutes but that is what the old style of shaft required with the largest capture filesystems.
  7. A full reboot may be required if the system continues to not produce reports.