Use the information in this section to troubleshoot common problems and find answers for frequently asked questions.
Known issues and limitations
Siren Platform currently has the following known issues and limitations:
You cannot add nodes from remote Elasticsearch clusters to the Graph Browser.
Queries with 'inner_hits' do not work with the
Wildcard searches on virtual index names are not supported by any API; a wildcard search will silently ignore virtual indices.
Cross-remote-cluster wildcard pattern searches are not supported.
Comma-separated lists of index patterns that target virtual indices are not supported.
You cannot drag and drop an entity identifier (EID) from a virtual index into the Graph Browser. EIDs must be added by using the Add Entity Identifier option in the Add menu.
Siren Investigate cannot perform aggregations across fields that contain nested objects. It also cannot search on nested objects when Lucene Query Syntax is used in the query bar.
copy_to as a workaround is not supported and may stop functioning in future releases.
The following troubleshooting pages are available in the Elasticsearch documentation. If you cannot find the solution to your problem in the Siren Platform documentation, visit one of the following links:
Siren Federate and Elasticsearch are unresponsive
If you notice an issue with memory allocation and Siren Federate and Elasticsearch are unresponsive, you might need to enable the individual count in the Relational Navigator. This ensures that the system does not execute the count for all relations.
Error when running the Siren Platform Docker commands
Use the following command to pull the Docker image:
docker pull sirensolutions/siren-platform-easy-start
Use the following command to run the Docker image:
docker run sirensolutions/siren-platform-easy-start
Docker displays the following error while starting up:
2021-02-01 11:24:10,433 INFO success: elasticsearch entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2021-02-01 11:24:37,726 INFO exited: elasticsearch (exit status 78; not expected)
2021-02-01 11:24:38,732 INFO spawned: 'elasticsearch' with pid 251
2021-02-01 11:24:40,270 INFO success: elasticsearch entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2021-02-01 11:24:54,722 INFO exited: elasticsearch (exit status 78; not expected)
2021-02-01 11:24:55,740 INFO spawned: 'elasticsearch' with pid 476
2021-02-01 11:24:56,745 INFO success: elasticsearch entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2021-02-01 11:25:13,468 INFO exited: elasticsearch (exit status 78; not expected)
2021-02-01 11:25:14,274 INFO spawned: 'elasticsearch' with pid 701
2021-02-01 11:25:15,859 INFO success: elasticsearch entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2021-02-01 11:25:31,744 INFO exited: elasticsearch (exit status 78; not expected)
To resolve this issue, follow the instructions to set the vm_max_map_count parameter on the Docker desktop.
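The following script is an added example, not part of the Siren documentation: it counts the exit status 78 lines from the log above and checks a map count value against a minimum before you restart the container. The function names, the 262144 threshold (the minimum Elasticsearch documents for the kernel setting vm.max_map_count) and the sample value 65530 are assumptions of the example.

```shell
#!/bin/sh
# Assumption: 262144 is the minimum Elasticsearch documents for the kernel
# setting vm.max_map_count (written vm_max_map_count on this page).
REQUIRED_MAP_COUNT=262144

# Count supervisor lines on stdin that report Elasticsearch exiting with 78.
count_exit78() {
    grep -c 'exited: elasticsearch (exit status 78' || true
}

# Succeed only when $1 is a number that meets the required minimum.
map_count_ok() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$1" -ge "$REQUIRED_MAP_COUNT" ]
}

# Print the value the local kernel reports; prints nothing where /proc is
# absent (for example macOS, where the Docker VM holds the setting).
current_map_count() {
    if [ -r /proc/sys/vm/max_map_count ]; then
        cat /proc/sys/vm/max_map_count
    fi
}

# Read log lines on stdin, take the map count as $1, print a verdict.
diagnose() {
    exits=$(count_exit78)
    if [ "$exits" -lt 2 ]; then
        echo "no-restart-loop"
    elif [ -z "$1" ]; then
        echo "restart-loop-map-count-unknown"
    elif map_count_ok "$1"; then
        echo "restart-loop-other-cause"
    else
        echo "restart-loop-low-map-count"
    fi
}

# Constructed sample: two lines copied from the log above, and 65530 as a
# constructed map count value below the minimum.
SAMPLE_LOG='2021-02-01 11:24:37,726 INFO exited: elasticsearch (exit status 78; not expected)
2021-02-01 11:24:54,722 INFO exited: elasticsearch (exit status 78; not expected)'

printf '%s\n' "$SAMPLE_LOG" | diagnose 65530
# Against a live container (name is an assumption):
# docker logs sirenplatform 2>&1 | diagnose "$(current_map_count)"
```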
After the vm_max_map_count parameter is set, start the Docker image by running either of the following commands:
docker run sirensolutions/siren-platform-demo-data
docker run -d -e 'sirenlogs=host' -p 5608:5606 -p 9220:9220 --name sirenplatform sirensolutions/siren-platform-demo-data
The -d parameter detaches the Docker container from your terminal, so it can run in the background while you perform other tasks.
The -p parameter maps the port on your local machine (for example, 5608) to the port inside the Docker container.
The --name parameter assigns a name to the container, so you can refer to it more easily.
Run the following command, and logs will start to display in the output:
docker logs -f sirenplatform
When the deployment is complete, run Siren Investigate with the ipaddress:5608 and Elasticsearch on