Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
summer1
Staff
Staff

Created on ‎12-29-2025 10:51 AM

Article Id 424229

Troubleshooting Tip: Resolving EPS limit error 'Error: You have reached the total EPS limit for the whole system'

Description This article describes the steps to troubleshoot and resolve the error message 'You have reached the total EPS limit for the whole system' when creating collector under a newly created organization, despite sufficient EPS being available.
Scope FortiSIEM.
Solution

In this example, the device is licensed for 15000 EPS, out of which 7500 EPS is utilized by existing organizations. 

Despite how 7500 EPS is available for allocation, assigning the remaining 7500 EPS to the collector in a new organization fails and presents the following error message:

 

FSM-EPS error.png

 

This behavior indicates that EPS is still internally allocated in the backend.

 

This issue is mainly observed after an organization is deleted from GUI (under admin>setup>organization)

 

Even though an organization is removed from the GUI, their corresponding backend database objects may still exist (stale entries).

FortiSIEM continues to validate these stale objects during EPS checks, causing EPS to remain logically allocated and resulting in the error.

 

Resolution:

 

In such scenarios, the stale organization must be manually removed from the PostgreSQL database.

 

To remove the stale entries, follow these steps:

 

  1. Access the PostgreSQL Shell.

 

psql -U phoenix phoenixdb

 

  1. Determine stale organization entries (org_id) from the ph_sys_collector, ph_sys_cust_res, and ph_sys_cust_res_usage tables.

 

Check for stale entries from all the tables:

 

select name,cust_org_id,eps,ip_addr from ph_sys_collector;
select eps,target_cust_id from ph_sys_cust_res;
select cust_org_id,eps,collector_id from ph_sys_cust_res_usage;

 

To determine the stale organization ID from the output above, use the following column identifier:

Table name

Column identifier
ph_sys_collector cust_org_id
ph_sys_cust_res_usage cust_org_id
ph_sys_cust_res target_cust_id

 

stale.jpg

 

 

  1. Delete stale entries from the ph_sys_collectorph_sys_cust_res, and ph_sys_cust_res_usage tables.

 

Once the stale organization ID is identified, delete that ID (if any) from each table by supplying the command below.

Note: It is not necessary to see stale IDs in every table; if this is the case, only remove the ID from tables that have stale IDs. 

 

delete from ph_sys_collector where cust_org_id=<org ID>;
delete from ph_sys_cust_res where target_cust_id=<org ID>;
delete from ph_sys_cust_res_usage where cust_org_id=<org ID>;

 

Note: Replace <org ID> with the appropriate stale organization ID.

 

Screenshot_1.jpg

 

After these steps, EPS allocation should complete successfully without errors.

Additional Notes

  • Ensure the correct organization ID is supplied during the delete operation.
  • Deleting the organization object will delete all the objects that are part of the organization.
  • Be cautious when applying any back-end changes, as any incorrect action may impact production.
  • It is recommended that only users with good PostgreSQL knowledge perform these steps.
64
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.