IBM Support

QRadar: Apps stopped working with QRadar



The Apps stopped working and the troubleshooting script /opt/qradar/support/ is failing to get results.

Diagnosing The Problem

Tomcat shows error in logs similar to:

Dec 27 20:06:27 ::ffff:x.x.x.x [tomcat.tomcat] [pool-1-thread-1] com.q1labs.restapi_annotations.content.exceptions.endpointExceptions.ServerProcessingException: Could not find app [1101] running after [20] attempts over [600] seconds.

Other issues to look at are the marathon service. You can confirm if its working by typing the command

systemctl status marathon -l

 ● marathon.service - A cluster-wide init and control system for services in cgroups or Docker containers
    Loaded: loaded (/etc/systemd/system/marathon.service; enabled; vendor preset: disabled)
   Drop-In: /etc/systemd/system/marathon.service.d
            └─user.conf, vault.conf
    Active: activating (auto-restart) (Result: exit-code) since Mon 2018-02-05 09:46:36 CET; 16s ago
   Process: 71546 ExecStart=/usr/local/bin/ (code=exited, status=1/FAILURE)
   Process: 71525 ExecStartPre=/usr/local/bin/ zookeeper.service.consul (code=exited, status=0/SUCCESS)
  Main PID: 71546 (code=exited, status=1/FAILURE)
    Memory: 0B
    CGroup: /system.slice/marathon.service
 Feb 05 09:46:36 qradarce.local systemd[1]: marathon.service: main process exited, code=exited, status=1/FAILURE
 Feb 05 09:46:36 qradarce.local systemd[1]: Unit marathon.service entered failed state.
 Feb 05 09:46:36 qradarce.local systemd[1]: marathon.service failed.

Resolving The Problem

To resolve this issue, do this procedure.

  1. Using an SSH session log in to the Console as root user.
  2. Type the command:

Results: Your apps should now be running.



Where do you find more information?


[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"App Frameworks","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
01 November 2018