We have been evaluating NNA and decided to purchase, but then ran across a concern. I did a clean install (CentOS 7.4), new data, new everything. Everything is working great except one thing that I hope is just a tuning issue.
If I do a simple query on a source, I get the expected results. If I do the same query on either a created source group that includes that and two other sources, or perform the query on the All Sources group, I get no results and the text "No query data was returned for your query." There is no apparent timeout issue or error. The result is returned instantly, and in total I've only got about 10MB of collected flow data--so not a lot.
Again, there are no timeouts. In spite of that, I've tried the info on the link below to no avail. We don't necessarily know the source of the information, so we need searches against "All Sources" to return the same results as we would see on an individual source. It's new hardware, 10 core hyperthreaded CPU, 32GB memory, several TB of free disk space. Load is 0. No errors in the Apache error log. Any ideas?
This did not work, and does not appear to apply:
https://support.nagios.com/forum/viewto ... 29&t=44505
No query data was returned...
-
kyang
Re: No query data was returned...
Hi @bqb,
How much flow data has been collected now since yesterday?
If you do the query on a source group now, does it return anything?
How does it look in the "Traffic last 30 minutes" bar?
What's the time frame of your query?
How much flow data has been collected now since yesterday?
If you do the query on a source group now, does it return anything?
How does it look in the "Traffic last 30 minutes" bar?
What's the time frame of your query?
-
bqb
- Posts: 5
- Joined: Wed Nov 01, 2017 2:05 pm
Re: No query data was returned...
No change--a query against All Sources returns nothing that I'm looking for (nothing at all). It doesn't matter if I query 24 hours or 30 minutes--an instant nothing even though the individual source shows expected results. 91MB of flow data has been collected.
All of the individual sources are collecting and always have. It's group queries that aren't returning anything specific. If I go to the All Sources main page, I get a graph and a top 5. I need anything from any source to also appear in a query against a group. "Top" charts are of no interest to us, it's queries that must work on groups and not just individual sources.
All of the individual sources are collecting and always have. It's group queries that aren't returning anything specific. If I go to the All Sources main page, I get a graph and a top 5. I need anything from any source to also appear in a query against a group. "Top" charts are of no interest to us, it's queries that must work on groups and not just individual sources.
-
tgriep
- Madmin
- Posts: 9190
- Joined: Thu Oct 30, 2014 9:02 am
Re: No query data was returned...
If you go to the Source Groups menu, you see the data you are querying?
What are you setting in the Aggregate By: field and what is your query string?
What are you setting in the Aggregate By: field and what is your query string?
Be sure to check out our Knowledgebase for helpful articles and solutions!