Skip to content
  • There are no suggestions because the search field is empty.

Recent queries do not show in Investigate > Navigate in RSA NetWitness version 11.3.0.1

Issue

In RSA NetWitness version 11.3.0.1, the "Recent" queries do not appear in Investigate > Navigate.


Workaround

  1. Run the following commands from an SSH session of the node zero server:
    # mongo investigate-server -u deploy_admin -p <mongo password> --authenticationDatabase admin 

    > db.predicate.drop() 

    > db.userPredicate.drop() 

    > exit

    - The "predicate" collection contains the queries ran.
    - The "userPredicate" collection contains the users who ran each query. 
    - By dropping both collections, it clears out who ran which query. 
     
  2. Log in to the RSA NetWitness UI and check within Investigate > Navigate if the "Recent" queries are being saved.


Resolution

The issue will be fixed in 11.3.1.1.
Until the fix becomes available, please apply the workaround below.

Notes

If needed, to find the above, run the following command from an SSH session of the node zero server: 
# security-cli-client --get-config-prop --prop-hierarchy nw.security-client --prop-name platform.deployment.password --quiet

If this does not solve your issue, please  open a case with RSA Technical Support and reference this article so that we may better assist you.

Product Details

RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: NetWitness UI
RSA Version/Condition: 11.3.0.1
Platform: CentOS
O/S Version: 7

Summary

In RSA NetWitness version 11.3.0.1, the Recent queries do not appear in Investigate > Navigate.


Approval Reviewer Queue

RSA NetWitness Suite Approval Queue