EDR: "An Error Occurred While Requesting Process Data" When Viewing An Alert
search cancel

EDR: "An Error Occurred While Requesting Process Data" When Viewing An Alert

book

Article ID: 287201

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Receive "An error occurred while requesting process data" in red box in upper-right corner of EDR UI when attempting to view alert data. 

Environment

  • EDR Console: All Supported Versions

Cause

An alert that was selected no longer has existing data

Resolution

1. Confirm in the UI that the alert being selected is within expected retention
  • The product defaults to sorting by severity. If an old alert has not been resolved and has a high severity, it may be at the top of the list and the data no longer exists
User-added image
2. If the date is within what you would expect to see for retention, confirm the oldest event.
  1. In the console, go to the process search page. 
  2. On the right side, select "All Available" from the drop down, then click search. 
  3. Take note of the total (x)  "show 10 of x". Round this down. For example, 219975 should be 219970
  4. In the browser URL, add &start=total to the end of the URL 
    &start=219970
    It will look something like this for the full query 
    https://<myserver>/#/search?cb.urlver=1&rows=10&facet=false&facet.field=process_name&facet.field=group&facet.field=hostname&facet.field=parent_name&facet.field=path_full&facet.field=process_md5&facet.field=username_full&sort=last_update%20desc&cb.min_last_update=&cb.max_last_update=&cb.query_source=ui&cb.strict=1&q=&start=219970
  5. If the retention is not what you expect, please review the information EDR: How is Data Retention Determined
Powered by Wolken Software