Environment

• EDR: 6.x and higher
• Standalone server

Objective

Resolution

1. Log into the console.
2. Perform your search and click the process to bring you to the Process Analysis page.
3. In the Process Analysis page grab the Unique ID (highlighted in red) from the browser URL

   https://<server>/#/analyze/00000007-0000-24c8-01d4-6cab54141c72/1540927207635?cb.legacy_5x_mode=false
4. Log into the server via ssh/terminal and run the following command, replacing the <uniqueid>:

   curl 'http://localhost:8080/solr/reader/select?q=id:<uniqueid>*&rows=0'
   

5. View the "numFound" and enter a value greater than in the &rows= section of the next command. 

   response":{"numFound":29,"start":0,"maxScore":1.0,"docs":

6. Run the following command, in the example numFound came back as 29, so 40 is used to give a buffer as the rows= 

   curl 'http://localhost:8080/solr/reader/select?q=id:<uniqueid>*&wt=json&indent=true&rows=40&debug=track&sort=last_server_update%20asc' >> <uniqueid>.json && /usr/share/cb/cbpost <uniqueid>.json

Additional Notes

• Common Errors:
  • "The requested resource is not available": Curl command was run on the incorrect server/node. See EDR: How to get raw process documents via Curl (Clustered)
  • "numFound=0": Incorrect or missing unique id,  incorrect server/node or md5 hash is lowercase.
• Process document from UI API. This only provides limited results
  • How to output a process document as text file for troubleshooting

Related Content

• EDR: How to get raw process documents via Curl (Clustered)
• EDR: How to get raw binary documents via Curl
• How to output a process document as text file for troubleshooting