Troubleshooting
Problem
Events are being dropped on Console with Pipeline NATIVE_To_MPC messages. These kinds of messages can be easily confused with other incidents when the collected events are being dropped from the pipeline of QRadar.
The mentioned events were not collected by the QRadar from the source. The customer is not losing any events in this case. The NATIVE_To_MPC events are artificially generated by the other QRadar processors in the deployment and are sent to the console. Their purpose is just to add the metadata information about the real events, which were already stored in the processors, to the open GLOBAL offenses that were generated in the console.
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtiAAA","label":"Performance"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
27 March 2023
UID
swg21985252