This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

RSA netwitness V11.1 extenion meta not working in report engine

sureshKsureshK
Beginner
Beginner

‎2018-08-02 07:18 AM

Hello Guys,

 

After upgrade to RSA Netwitness to 11.1, In report engine extension meta query isn't working. Kindly help/suggest on my query.

 

Thanks,

Suresh K  

0 Likes
6 REPLIES 6

EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)

‎2018-08-02 09:48 AM

suresh K‌,

 

I've moved your question to the RSA NetWitness Platform" data-type="space <@mention to product space> where it will be seen by the product's support engineers, other customers and partners.  Please bookmark this page and use it when you have product-specific questions.

 

Alternatively, from the RSA Customer Support" data-type="space page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question.  From there, scroll to RSA NetWitness Platform" data-type="space and click Ask A Question.  That way your question will appear in the correct space.

Regards,

Erica

0 Likes

JoshRandall
Valued Contributor Valued Contributor
Valued Contributor

‎2018-08-02 02:15 PM

suresh K can you post details of the query you are trying to run, along with any error messages you may be receiving?

 

Are you able to run the same query in the Investigation module?


Mr. Mongo
0 Likes

sureshKsureshK
Beginner
Beginner
In response to JoshRandall

‎2018-08-03 02:24 AM

Hello Joshula,

 

Yes , I can able to query the same extension in investigation module and I would see the output in investigation module. But however in report module output was blank.

 

 

Thanks,

Suresh K

0 Likes

sureshKsureshK
Beginner
Beginner
In response to EricaChalfin

‎2018-08-03 02:26 AM

Hello Erica,

 

Thanks for your information

0 Likes

EricPartington
Employee
Employee
In response to sureshKsureshK

‎2018-08-03 09:26 AM

Need more details... 

 

time ranges the same?

same concentrator or broker that you are connecting to?

Does that broker or concentrator have data (aggregation is working?),

are you using test rule and that returns no data?

Is the relative time box checked for the rule test?

are the time ranges for your investigation and rule the same?

what is the syntax of your rule and your investigate drill? 

 

please provide them here.

0 Likes

sureshKsureshK
Beginner
Beginner
In response to EricPartington

‎2018-08-04 04:55 AM

Hello Eric Parington,

time ranges the same? Past 1Day.

Does that broker or concentrator have data (aggregation is working?). Aggregation is working fine, If I have add the extension meta query in report module report output is blank.

are you using test rule and that returns no data?  No test rule, Before upgrade to 11.1 mine report output have data with extension meta query.

are the time ranges for your investigation and rule the same? Yes same error query.

what is the syntax of your rule and your investigate drill?  device.type='cacheflowelff' && extension='txt'

 

Kindly help/suggest me.

 

Thanks,

Suresh K   

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.