IBM Support

QRadar: Admin Tab Displays Event Collection Service is Available for Upgrade

Troubleshooting


Problem

After a QRadar upgrade, the Console's Admin tab repeatedly informs the administrator that a new version of the Event Collection Service (ecs-ec-ingress) is available. The banner continues to display the following message, even after a restart of the Event Collection Service completes:
"A new version of the event collection service is available for upgrade. To upgrade to the new version, on the Advanced menu, click Restart Event Collection Services."

Symptom

  1. Log in to the QRadar Console.
  2. Click the Admin tab.
  3. The banner on the page displays the following notice:
    image-20220303132143-2
  4. Click Advanced > Restart Event Collection Services.
    WARNING: This action globally restarts the ecs-ec-ingress collection service on all appliances that receive events and loads available updates. A restart temporarily stops all event collection on all appliances, checks for updates, then restarts. This action can cause gaps is event reporting and events cannot be received while the ecs-ec-ingress service is restarting. Typically, these actions are only completed during scheduled maintenance.
  5. Wait for the service restart to complete.
  6. On the next check by the Console, the following message is displayed again:image-20220303132153-3

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"TS009052398","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.3;7.4.0;7.4.1;7.4.2;7.4.3"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
28 April 2022

UID

ibm16555146

Page Feedback