Troubleshooting
Problem
It is possible to encounter corruption in the UBA postgres database. In this instance, you can re-create the database without having to uninstall and reinstall UBA.
This workaround applies to UBA 4.1.9 and higher.
Symptom
If you see similar errors as in the following examples, you might have a corrupted database.
messages log file:
Jan 24 13:02:38 qradar_apphost_server kernel: [6316612.508367] [<ffffffffa7fc25ad>] oom_kill_process+0x2cd/0x490
Jan 24 13:02:50 qradar_apphost_server kernel: postgres invoked oom-killer: gfp_mask=0xd0, order=0, oom_score_adj=0
You can check the UBA logs to help you determine whether the UBA database is corrupted. Enter the directory and check the log files:
cd /store/docker/volumes/qapp-1101/logs
app.log:
2023-02-01 16:55:42,222 [DummyThread-4] [ERROR] [APP_ID:1101] [NOT:0000003000] Failed to generate dashboard top panel: server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
2023-02-01 16:55:42,231 [DummyThread-5] [ERROR] [APP_ID:1101] [NOT:0000003000] Failed to generate system score graph data: FATAL: the database system is in recovery mode
user_import_service.log:
2023-02-01 14:49:07,751 [user_import_service.run] [ERROR] - FATAL: the database system is in recovery mode
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"TS011924617","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
20 October 2023
UID
ibm17054882