Troubleshooting
Problem
Administrators can see a benign error display in the QRadar logs when they attempt to use the Manage Identity Exclusion user interface. The error displays an AssetProfilerConfig error with a message related to a search name that is not loaded due to a missing attribute column. As the search does not contain any asset fields, it is not loaded by the user interface and a message is logged. The message in the logs is not a true error, but a confirmation that the search was not displayed in the user interface as it does not include asset data.
Symptom
Order of operations that can cause this error message to display in the logs:
- Log in to the QRadar Console with an administrator permission.
- Click the Admin tab.
- Click the Manage Identity Exclusion icon.
- As the interface loads, the system confirms what data to display to the user. If a search does not relate to asset data, the following message with the search is written to the logs to display it was skipped on purpose.
com.q1labs.assetprofilerconfiguration.ui.util.AssetProfilerConfig: [ERROR] [NOT:0000003000][<IP>/- -] [-/- -]Cannot add event query "Nonassets_event_search" to list due to missing attribute column. Skipping.
- The user interface loads as expected. No errors are displayed in the Manage Identity Exclusions interface.
Results
The search mentioned in the log is not displayed by design as the search does not include any asset information, such as an asset ID. The type for the message displays ERROR, but it is benign and can be ignored by the administrator.
Cause
This benign error is generated when the user interface when asset profiler attempts to get a list of saved searches for the user. The Manage Identity Exclusions interface completes several checks to determine whether a saved search is displayed to the user. If any search does not fit the purpose or contain asset related fields, it is skipped and the benign error message is written to the logs.
Full log error message:
Oct 13 10:39:28 :127.0.0.1 [tomcat.tomcat] [<user>@<IP> (5632) /console/adminconsole/jsp/assets/ManageIdentityExclusion.jsp]
com.q1labs.assetprofilerconfiguration.ui.util.AssetProfilerConfig: [ERROR] [NOT:0000003000][<IP>/- -]
[-/- -]Cannot add event query Noassets_event_searches to list due to missing attribute column. Skipping.
Environment
All QRadar versions.
Resolving The Problem
There is no issue to resolve and the message is generated in the logs to inform administrators of a search that did not display in the user interface as the search is not related to assets.
Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0","Type":"MASTER"}]
Was this topic helpful?
Document Information
Modified date:
07 November 2023
UID
ibm17060775