Checking the change log processing status
IBM Security QRadar® Suite Software provides an action to retrieve the processing status of all applications and services that use the change log for tracking data lifecycle events.
Before you begin
Install the command-line interface (CLI) utility cpctl from the cp-serviceability pod. For more information, see Installing the cpctl utility.
About this task
When an account deletion is triggered, the change log is updated with this information. The applications within QRadar Suite Software that hold information that is owned by the deleted account use the change log to trigger the removal of that data. When all applications confirm that they no longer hold any data that is owned by the deleted account, the Entitlements service triggers the final removal of the account itself.
The Entitlements service is responsible for managing accounts, users, and roles, and the change log and connection to IBM® foundational services.
The following procedure enables the identification of any applications that did not acknowledge the deletion of data and might be blocking the complete removal of data.
- To ensure that the list of available cpctl actions is
up to date, enter the following command.
cpctl loadThe cpctl load command retrieves all of the available actions that can be run on QRadar Suite Software. The actions are cached to your local environment.
Run the following command. No parameters are required.
cpctl diagnostics check_changelog_processing_status
cp-serviceability pod queries the Entitlements service for the following
- A list of applications and services.
- The most recent change log acknowledgment for each component listed.
- The most recent sequenceId that is available for each component listed.
If no results are returned, this indicates that the service is disabled. To check the status of the service you can run the following command.
cpctl diagnostics check_deployment --only entitle --token "$(oc whoami -t)"