Troubleshooting
Problem
The admin is not able to add a log source to multiple log source groups, after they try to save the changes, it fails with the following error:
Could not update log source XXXXX
An unexpected API error has occurred.
Please refer to the QRadar error logs for additional information.
Symptom
- Unable to add a log source to multiple log source groups.
- After trying to save the changes, they get the following error:
- The following error is seen in /var/log/qradar.error after the admin tries to save the changes:
Mar 8 13:09:55 [ERROR] Domain assignment conflict: Log Source 'Log Source @ MyServer01' would be assigned to both domains: 'Domain01' (via group 'Group01_In_Domain01') and 'Domain02' (via group 'Group02_In_Domain02')
Document Location
Worldwide
[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwt0AAA","label":"Log Source"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"},{"Product":{"code":"SSTZMA","label":"QRadar Appliance Hardware"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
16 April 2024
UID
ibm17131470