Troubleshooting

Use the information in this section to troubleshoot common problems and find answers for frequently asked questions.

Known issues and limitations

Siren Platform currently has the following known issues and limitations:

  • You cannot add nodes from remote Elasticsearch clusters to the Graph Browser.

  • Queries with 'inner_hits' do not work with the _siren end point.

  • Wildcard searches on virtual index names are not supported by any API; a wildcard search will silently ignore virtual indices.

  • Cross-remote-cluster wildcard pattern searches are not supported.

  • Comma-separated lists of index patterns that target virtual indices are not supported.

  • You cannot drag and drop an entity identifier (EID) from a virtual index into the Graph Browser. EIDs must be added by using the Add Entity Identifier option in the Add menu.

  • Siren Investigate cannot perform aggregations across fields that contain nested objects. It also cannot search on nested objects when Lucene Query Syntax is used in the query bar.

    Using include_in_parent or copy_to as a workaround is not supported and may stop functioning in future releases.

Troubleshooting Elasticsearch

The following troubleshooting pages are available in the Elasticsearch documentation. If you cannot find the solution to your problem in the Siren Platform documentation, visit one of the following links:

Siren Federate and Elasticsearch are unresponsive

Problem

If you notice an issue with memory allocation and Siren Federate and Elasticsearch are unresponsive, you might need to enable the individual count in the Relational Navigator. This ensures that the system does not execute the count for all relations.

Solution

  1. Go to Management → Advanced Settings.

  2. Search for the siren:enableAllRelBtnCounts parameter.

  3. Click Edit.

  4. Set the value to false by deselecting the checkbox.

  5. Click Save.

Error when running the Siren Platform Docker commands

Use the following command to pull the Docker image:

docker pull sirensolutions/siren-platform-easy-start

Use the following command to run the docker image:

docker run siren-platform-easy-start

Problem

Docker displays the following error while starting up:

` 2021-02-01 11:24:10,433 INFO success: elasticsearch entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2021-02-01 11:24:37,726 INFO exited: elasticsearch (exit status 78; not expected) 2021-02-01 11:24:38,732 INFO spawned: 'elasticsearch' with pid 251 2021-02-01 11:24:40,270 INFO success: elasticsearch entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2021-02-01 11:24:54,722 INFO exited: elasticsearch (exit status 78; not expected) 2021-02-01 11:24:55,740 INFO spawned: 'elasticsearch' with pid 476 2021-02-01 11:24:56,745 INFO success: elasticsearch entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2021-02-01 11:25:13,468 INFO exited: elasticsearch (exit status 78; not expected) 2021-02-01 11:25:14,274 INFO spawned: 'elasticsearch' with pid 701 2021-02-01 11:25:15,859 INFO success: elasticsearch entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2021-02-01 11:25:31,744 INFO exited: elasticsearch (exit status 78; not expected) `

Solution

  1. To resolve this issue, follow the instructions to set the vm_max_map_count parameter on the Docker desktop.

  2. After the vm_max_map_count parameter is set, start the Docker image by running either of the following commands:

    ` docker run sirensolutions/siren-platform-demo-data or docker run -d -e 'sirenlogs=host' -p 5608:5606 -p 9220:9220 --name sirenplatform sirensolutions/siren-platform-demo-data `

    The -d parameter detaches the Docker container from your terminal, so it can run in the background while you perform other tasks.

    The -p parameter maps the port on your local machine (for example, 5608) to the port inside the Docker container.

    The --name parameter means you can call that container a bit more easily.

  3. Run the command docker logs -f platform and logs will start to display in the output.

  4. When the deployment is complete, run Siren Investigate with the localhost:5608/ipaddress:5608 and elasticsearch on 9220.