CB Response: Event cores exists with no events showing in the console
search cancel

CB Response: Event cores exists with no events showing in the console

book

Article ID: 287996

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Events are not showing in the console but event core sizes suggest data exists

Environment

Carbon Black Response Server: 6.x and above

Cause

cb.core.conf is not being created with new cores due to port 8080 proxy

Resolution

  1. Confirm port 8080 is listed in iptables 
    iptables -nL | grep 8080
  2. Remove port 8080 from the proxy

Additional Information

  • A proxy on port 8080 for Solr is not supportedĀ and can cause some commands to not run properly
  • /var/cb/data/sorl5/cbevents/cbevents<core>/cb.core.conf is used to determine if the core should be loaded to memory for searches.
Powered by Wolken Software