Sync Ingestion Error #3884
Comments
|
I have the same issue, running 5.6.9 - working with docker version, 4 instances on opencti and 12 instances of workers. tried it with single instance on 1 opencti and 1 worker with same outcome. as soon as i configure the ingestion on secondary opencti i get this error messagem and the entry cannot be started as long as i remain on original page. openning a new web page gets me to the error message where the entry cannont even be deleted anymore. |
|
That is exactly what I'm experiencing as well, this is a real issue if you are load balancing across a cluster and the data doesn't match. I hope there is a fix ASAP. |
|
Stream is still broken in 5.9.6. |
|
Hi @explorecti & @ips972 could you both confirm that you had never created ingestion before that error ? |
|
I have created ingestion on that page before. I wiped the total stack and volumes and recreated the OCTI stack and still received the error again. Attempted a third removal just the Elastic DB volume and it did map the ingestion connection. There is definitely a but with this. |
|
yes, everything i built is completly new. built a single instant stack and multi nodes stack from scratch on portainer swarm with single node and multi node and multi node with nfs shared storage and still same result with one difirence... only when using single node opencti and one worker was i able to start the sync , make it work.. but then on the next login to the system i get the error again even though the sync is working.. at this point , since the sync is working i was able to add more nodes and workers to make the ingest quicker from 2 eps to an avarage of 50eps. but at this point the page is not accessible anymore. its fused with a single sync condigured. thanks and regards |
|
@explorecti and @ips972 thanks for the feedbacks. It appears the issues are linked. You can track the corrective part here : #4020 and I'll come back to you if there is action you need to make locally after the release. |
|
just a quick update, seems like the same error message is given in the "Bulk search" page, after inputing the first enty for search and pressing enter for next line. boom, same error on page. "ERROR An unknown error occurred. Please contact your administrator or the OpenCTI maintainers". |
|
Is there any update for this issue? |
|
they told you above, its been given a bug and should be fixed in next release 5.9.10 |
|
Solved by #4042. Will be fixed in next release 5.10.0 |
SouadHadjiat
added
solved
did the bug fix , fix the same issue in the global search page? seemed to be the same issue.. |
great news! |
Description
Running a cluster with 3 vm's with OPENCTI, currently the data is unable to replicate/ingest to one of the vm's. The current error "ERROR An unknown error occurred. Please contact your administrator or the OpenCTI maintainers".
Environment
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
The ingestion vm should be available to start the sync process with the primary data source (OCTI)
Actual Output
Once the ingestion sync is configured the screen locks with the following: "ERROR An unknown error occurred. Please contact your administrator or the OpenCTI maintainers"
Additional information
In this example there is currently data already populated on the primary data source.
Screenshots (optional)
The text was updated successfully, but these errors were encountered: