IBM Support

IJ25798: Deploys changes can fail due to a reference data element index issue between appliances

Troubleshooting


Problem

As described in APAR IJ25798, deploy changes can fail to complete when an inconsistency exists between the reference_data_element_data1 index on the QRadar Console and managed hosts in the deployment. This technical note provides further details to the workaround administrators can implement to resolve index errors related to a deploy changes.

Symptom

Similar messages might be visible in /var/log/qradar.error when the issue occurs:
 
[hostcontext.hostcontext] [Thread-68701] ComponentOutput: [ERROR] [NOT:0000003000]
[127.0.0.1/- -] [-/- -]ErrorStreamreplication: 
psql:/store/replication/tx0000000000000302764.sql:220939:
ERROR:  index row size 2928 exceeds maximum 2712 for index
"reference_data_element_data1"
[hostcontext.hostcontext] [Thread-68701] ComponentOutput:[ERROR] [NOT:0000003000]
[127.0.0.1/- -] [-/- -]ErrorStreamreplication: HINT:  Values larger than 1/3 of a buffer page 
cannot be indexed.
[hostcontext.hostcontext] [Thread-68701] ComponentOutput:[ERROR] [NOT:0000003000]
[127.0.0.1/- -] [-/- -]ErrorStreamreplication: Consider a function index of an MD5 hash of the
value, or use full text indexing.
[hostcontext.hostcontext] [Thread-68701] ComponentOutput:[ERROR] [NOT:0000003000]
[127.0.0.1/- -] [-/- -]ErrorStreamreplication: CONTEXT:  SQL statement "INSERT INTO 
public.reference_data_element SELECT * FROM rep.public_reference_data_element"
[hostcontext.hostcontext] [Thread-68701] ComponentOutput:[ERROR] [NOT:0000003000]
[127.0.0.1/- -] [-/- -]ErrorStreamreplication: 
PL/pgSQL function replicate_restore_dump(text,text) line 24 at EXECUTE {hostname}-
primary replication[197954]: Could not apply /store/replication/tx0000000000000302764.sql.

Document Location

Worldwide

[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
02 November 2020

UID

ibm16332315

Page Feedback