Article Number
000001659
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA), Security Analytics UI
RSA Version/Condition: 10.6.x
Platform: CentOS
Platform (Other): MongoDB
O/S Version: EL6
Issue
When navigating to the
Alerts ->
Summary page in the RSA Security Analytics UI, the error message "
Error getting data" is displayed.
Image descriptionThe Alerts Summary page may also simply be blank with no data being displayed, as shown below.
Image description
Cause
This issue occurs when the MongoDB database that stores the ESA alerts becomes too large.
Resolution
Run the following command from an SSH session of your ESA host to check the size of the ESA alert database:
# echo 'show collections' | mongo esa -u esa -p esa
You will receive an output similar to the following:
Image description
Workaround
To maintain the size of the ESA alert database at a manageable level, please refer to the article entitled ESA Config: Configure ESA Storage.
To reduce the size of the ESA alert database, there are a few options: