Troubleshooting QRadar Deployment Intelligence
A common issue in QRadar® Deployment Intelligence is that the app does not show any health-related data. This issue can occur for several reasons:
- The Ariel Server or Ariel Server API is not running. To identify this issue, run a sample Ariel query, such as the following:
select metric_id, value from events where LOGSOURCENAME(logsourceid) ilike '%%health%%' last 10 minutes
- If the query runs properly, check the resulting data from the query.
If the query doesn't return any data, health metric events might not be generated, or there might be issues in the pipeline that processes the health metric events. In this case, check the Health Metric status on the dashboard. If there is a Health Metric outage, it might be a QRadar issue to report to Customer Support.
- If the Ariel query runs properly and returns proper data, but the app doesn't show graphs, this might be a QRadar Deployment Intelligence app issue in the polling process that gets the API data from QRadar.
Check /store/log/poll.log as a starting point for investigation and for further communication with Customer Support. You can access the logs from two locations:
- On the QRadar Console or App Host, the logs are at /store/docker/volumes/qapp_[app_id]/log
- In the container, the logs are at /store/log/poll.log
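
The checks above can be scripted against the QRadar REST API (`/api/ariel/searches`, authenticated with an authorized service token in the `SEC` header). The following is an added example, not IBM code: the console hostname and token are placeholders you supply, and the three result labels are hypothetical names for the three cases described on this page.

```python
import json
import time
import urllib.parse
import urllib.request

# The sample query from this page, unchanged.
AQL = ("select metric_id, value from events where "
       "LOGSOURCENAME(logsourceid) ilike '%%health%%' last 10 minutes")

def http_call(console, token):
    """Return a caller for the Ariel REST API on `console` (placeholder host/token)."""
    def call(method, path):
        req = urllib.request.Request(
            f"https://{console}/api/ariel/{path}", method=method,
            headers={"SEC": token, "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return call

def triage(call, poll_s=2, max_polls=30):
    """Run the health query and map the outcome to one of the page's three cases."""
    try:
        search = call("POST", "searches?query_expression=" + urllib.parse.quote(AQL))
        for _ in range(max_polls):
            if search["status"] in ("COMPLETED", "ERROR", "CANCELED"):
                break
            time.sleep(poll_s)
            search = call("GET", f"searches/{search['search_id']}")
        if search["status"] != "COMPLETED":
            return "ariel-problem"        # search failed or never finished
        result = call("GET", f"searches/{search['search_id']}/results")
        rows = result.get("events", [])
    except (OSError, KeyError, ValueError):
        return "ariel-problem"            # API unreachable or unexpected reply
    # Data present but no graphs in the app points at the polling process.
    return "check-poll-log" if rows else "no-health-metrics"

if __name__ == "__main__":
    import os
    # QRADAR_CONSOLE and QRADAR_TOKEN are hypothetical environment variable names.
    print(triage(http_call(os.environ["QRADAR_CONSOLE"], os.environ["QRADAR_TOKEN"])))
```

A result of `check-poll-log` means the query returned health data, so the next step is /store/log/poll.log in one of the two locations listed above.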