Skip to main content
HafizJasmi
HafizJasmi
New Member
December 29, 2020
Question

No data Issue

  • December 29, 2020
  • 1 reply
  • 979 views

Dear All,


I am using FortiSIEM 5.3.1, i notice some issue when click on Event tab, it suppose to show the details regarding the alert like raw log but i keep getting No data. Any idea why?

    1 reply

    FSM_FTNT
    Staff
    FSM_FTNT
    Staff
    December 29, 2020

    Hi Muhammad,

    This is under the Incident Tab / select and Incident / Events ... obviously it should be showing data.

    Can you do some basic checks from the CLI as root user:

    phstatus

    --all processes should be up. Make sure your SSH console screen if full screen.

    dh -h

    -- make sure you have disk space -the /data drive if using the native event database should not be 100% as the system should manage the storage.

    top

    -- check the load is not too high.. anything <4 should be ok.

    How old is the Incident and what is the Rule?

    Do you see other event data from that same time period if you run an analytical search?

    Thanks

    Dan



    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: Dec 28, 2020 10:51 PM
    From: Muhammad Hafiz Safwan Bin Jasmi
    Subject: No data Issue

    Dear All,


    I am using FortiSIEM 5.3.1, i notice some issue when click on Event tab, it suppose to show the details regarding the alert like raw log but i keep getting No data. Any idea why?

    HafizJasmi
    HafizJasmiAuthor
    New Member
    January 13, 2021

    Hi Daniel,

    The issue resolve when we reboot collector

    -------------------------------------------
    Original Message:
    Sent: Dec 29, 2020 11:51 AM
    From: Daniel Hanman
    Subject: No data Issue

    Hi Muhammad,

    This is under the Incident Tab / select and Incident / Events ... obviously it should be showing data.

    Can you do some basic checks from the CLI as root user:

    phstatus

    --all processes should be up. Make sure your SSH console screen if full screen.

    dh -h

    -- make sure you have disk space -the /data drive if using the native event database should not be 100% as the system should manage the storage.

    top

    -- check the load is not too high.. anything <4 should be ok.

    How old is the Incident and what is the Rule?

    Do you see other event data from that same time period if you run an analytical search?

    Thanks

    Dan



    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------

    Original Message:
    Sent: Dec 28, 2020 10:51 PM
    From: Muhammad Hafiz Safwan Bin Jasmi
    Subject: No data Issue

    Dear All,


    I am using FortiSIEM 5.3.1, i notice some issue when click on Event tab, it suppose to show the details regarding the alert like raw log but i keep getting No data. Any idea why?

    Terms & ConditionsAccessibility statement