SIEM - custom time series charts issue

  • Problem
  • Updated 2 years ago
  • Solved
Hi,
I have a problem with custom dashboards after upgrading the system to the latest version, Build 20160816201941. I have a few time series charts, like a full DHCP log, showing the count of events, filtered by 'event name', over a time range like 3 or 7 days. After the upgrade, every chart started showing this message:

There was no Time Series data for the search performed.

I tried creating a new search with Capture Time Series Data selected and saved it as new; updating the details isn't helping either.

I noticed that there is a function, 'Data Accumulation: Data is currently being accumulated for the search. Unique counts are disabled'. But enabling it isn't helping either. I tried to find something to change in admin -> aggregated data management, but nothing happens there either.

Google told me that QRadar had this issue when the user was logged in as a normal user, not admin. It was resolved in 7.2.6 patch 3: http://www-01.ibm.com/support/docview.wss?uid=swg1IV81141
Logging in again as admin and doing everything once again failed.

Has anyone got the same issue?


Michal Rz

Posted 2 years ago

Michal Rz

Changing count to 'event count' helped... but are these the same values? Looks OK.
Mullins, Keith, Employee

Michał, are you still getting the correct values in the Time-Series graph when changing the value parameter to 'Event Count'?
Michal Rz

Yup, works fine.