.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Issue
Broker Aggregation from Concentrator shows " failed" status in Broker->Config->General tab.
/var/log/messages:
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Bandwidth] [info] Performing bandwidth test to device 10.1.11.5:50005...
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Bandwidth] [info] Received 25 MB at a transfer rate of 113.64 MB/sec or 953.3 Mbps from device '10.1.11.5:50005'
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Aggregation] [info] Device '10.1.11.5:50005' is being initialized
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Broker] [info] Local database found no sessions for device '10.1.11.5:50005'
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Aggregation] [info] Device '10.1.11.5:50005' is querying for exact session time
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Aggregation] [failure] Failed to initialize device '10.1.11.5:50005' because There are too many pending queries at this time, please resubmit the query later. Device aggregation is being stopped.
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Device] [info] Device '10.1.11.5:50005' is coming online
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Bandwidth] [info] Performing bandwidth test to device 10.1.11.5:50005...
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Bandwidth] [info] Received 25 MB at a transfer rate of 113.64 MB/sec or 953.3 Mbps from device '10.1.11.5:50005'
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Aggregation] [info] Device '10.1.11.5:50005' is being initialized
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Broker] [info] Local database found no sessions for device '10.1.11.5:50005'
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Aggregation] [info] Device '10.1.11.5:50005' is querying for exact session time
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Aggregation] [failure] Failed to initialize device '10.1.11.5:50005' because There are too many pending queries at this time, please resubmit the query later. Device aggregation is being stopped.
Nov 7 07:55:55 NwBroker NwBroker[14798]: [Device] [info] Device '10.1.11.5:50005' is coming online
Cause
Navigating to Concentrator->Explore->sdk->stats page shows queries.pending as high as below.
Resolution
Please follow below steps to cancel pending queries.- Login to Netwitness GUI and Navigate to Concentrator->Explore->sdk.
- Right-click on sdk to click properties.
- Select cancel from drop-down and options will be handle=
then click send.
Note:can be replaced with number under Concentrator->Explore->sdk->stats->queries by expanding +. - 4. Response box shows the Success on successful cancellation of pending queries.
Product Details
RSA Product Set: NetWitness PlatformRSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
Summary
This document outlines the procedure to cancel the pending queries on Concentrator.
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue