Environment
- EDR Console: All Supported Versions
Symptoms
Receive "An error occurred while requesting process data" in red box in upper-right corner of EDR UI when attempting to view alert data.
Cause
An alert that was selected no longer has existing data
Resolution
1. Confirm in the UI that the alert being selected is within expected retention
2. If the date is within what you would expect to see for retention, confirm the oldest event.
- The product defaults to sorting by severity. If an old alert has not been resolved and has a high severity, it may be at the top of the list and the data no longer exists
- In the console, go to the process search page.
- On the right side, select "All Available" from the drop down, then click search.
- Take note of the total (x) "show 10 of x". Round this down. For example, 219975 should be 219970
- In the browser URL, add &start=total to the end of the URL
&start=219970
It will look something like this for the full queryhttps://<myserver>/#/search?cb.urlver=1&rows=10&facet=false&facet.field=process_name&facet.field=group&facet.field=hostname&facet.field=parent_name&facet.field=path_full&facet.field=process_md5&facet.field=username_full&sort=last_update%20desc&cb.min_last_update=&cb.max_last_update=&cb.query_source=ui&cb.strict=1&q=&start=219970
- If the retention is not what you expect, please review the information EDR: How is Data Retention Determined
Related Content
Thank you for your feedback.
Your feedback has been submitted and will be reviewed.