Troubleshooting
Problem
An Incident Forensics search might fail while it is running.
Symptom
When you mouse over the FAIL error you see the following message:
Actual file size (3234567890) exceeds maximum file size limit (2000000000)
Actual file size (3234567890) exceeds maximum file size limit (2000000000)
Cause
This issue is caused by the default file size limit. The default file size is to make sure that you do not download too much data. However, it should be set to something that works with the environment.
Resolving The Problem
You can increase up the default file size limit in the QRadar Web User Interface.
- Log in as an administrator to QRadar.
- Click the Admin tab on the console.
- Click Server Management under the Forensics section.
- Increase the Maximum file download (MB): value under the Server Setting section.
- Click Save.
- Click Deploy Changes.
Result
The Incident Forensics search finish without issues.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSUK44","label":"IBM Security QRadar Incident Forensics"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
21 October 2022
UID
swg21976929