Troubleshooting
Problem
This support technical article provides further guidance to administrators on the issue reported in APAR IJ21718: Ariel searches fail and events are not processes/written to disk when a concurrent modification exception occurs.
Symptom
UPDATE: For the latest information, see the Flash Notice for APAR IJ21718. Administrators must complete a Deploy Full Configuration, then install the available interim fixes. Interim fixes are available on IBM Fix Central to mitigate this issue.
Administrators or users might experience search errors in QRadar when the Event Processor or Console attempts to access an unreadable record of data for the timeframe defined in the query. As an Event Processor responds to the search request, a red alert bar is displayed with the search results to indicate one of the Event Processor appliances encountered a 'The server encountered an error reading one or more files' message. The error reading one or more files message is an indicator of APAR IJ21718.
For example:
For example:
Document Location
Worldwide
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Custom Properties","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.2 Patch 5,\n7.3.3,\n7.3.3 Patch 1","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
07 January 2021
UID
ibm11142758