Connected Assets and Risk service troubleshooting

If you encounter an issue with the operation of the Connected Assets and Risk service, see the following information on problem resolution.

Connection error

After you install or upgrade QRadar Suite Software 1.11, the Connected Assets and Risk service is unable to process the new tenant data when the Hasura pod fails to start initially.

Symptoms

If you create a new account in QRadar Suite Software after a fresh install or an upgrade, you see the following message on the Data Explorer or the Threat Intelligence Insights dashboard.

Connection error: The asset and risk data cannot be contacted, configure CAR service to get access to asset information. Error code: Learn more in IBM Documentation - error.unavailable.refetch
On the Network tab, enter a search query for query. The search result displays the following error. 
code: "validation-failed"
message: "field <field_name> not found in type: query_root"

Resolving the problem

To resolve the connection error, the support team needs to run the upgrade command in the cp4s cluster.
  1. Log in to the affected cluster.
  2. Identify the Connected Assets and Risk pod in the cp4s namespace. For example, car-podID-1234.
  3. Run the following upgrade command.
    `oc exec car-<id> -- node /opt/app-root/app/build/app.js -c upgrade`
  4. Wait for the upgrade process to complete.

Database query error

After you install or upgrade QRadar Suite Software 1.11, the Connected Assets and Risk service is unable to process data.

Symptoms

After you install or upgrade QRadar Suite Software, you see the following message.

Connection error: The asset and risk data cannot be contacted, configure CAR service to get access to asset information. Error code: Learn more in IBM Documentation - error.unavailable.refetch
On the Network tab, enter a search query for query. The search result displays the following error. 
code: "unexpected"
message: "database query error"

Resolving the problem

To resolve the connection error, the support team needs to run the SQL command in the cp4s cluster.
  1. Log in to the affected cluster.
  2. Identify the Connected Assets and Risk pod in the cp4s namespace. For example, car-podID-1234.
  3. Run the following SQL command.
    oc exec car-<id>  -- node /opt/app-root/app/build/app.js -c sqlQuery 'REFRESH MATERIALIZED VIEW <car-schema>.vulnerability'
  4. Wait for the SQL query to complete.