Troubleshooting
Problem
Verifying that data is being sent from an Event Collector is helpful in the following use-cases:
- To ensure that the event data from the specific Event Collector is processed continuously
- To identify any potential network connectivity issues between Event Collector and the Event Processor (or Console)
- To find any potential gaps within event data flow
- To detect any system malfunction on the Event Collector side (for instance system or hardware issues)
Symptom
If you experience these symptoms, the Event Collector might be failing to send data:
- The QRadar Log Source Management app reports that some of the Log Sources are the error state
- Search results depict event gaps
-
Event Collector intermittently display status Unknown
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwtEAAQ","label":"Log Activity"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Product":{"code":"SSTZMA","label":"QRadar Appliance Hardware"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
03 April 2023
UID
ibm16848271