Advanced AnalyticsAdvanced Analytics i54 Release Notes

Table of Contents

Issues Fixed in Advanced Analytics i54.5 (General Availability)

INF-7047

There was an error adding a worker node to clusters with three or more nodes, where at least one of the nodes is a Log Ingestion Messaging Engine (LIME) node and the cluster has a Hadoop Distributed File System (HDFS) High Availability (HA) setup; specifically, clusters with:

  • One master node and two LIME nodes

  • One master node, one LIME node, and one worker node

  • One master node, one Case Manager node, one worker node, and one LIME node

  • One master node, one LIME node, and you added two or more worker nodes, one at a time

The inventory files that list the nodes in the NameNode and JournalNode groups were incorrectly changed and moved to a different host. Now, if a cluster already has three or more nodes and an HDFS HA setup, the inventory file isn't changed.

EXA-31543

In some environments, the Analytics Engine couldn't begin processing because some connection threads to the MongoDB database expired while the Analytics Engine was initializing. The MongoDB database loaded models in parallel to maximize efficiency, but while doing this, surpassed the number of concurrent connection requests it could make to the Analytics Engine. Now, the MongoDB database limits the concurrent connections it uses to load models in parallel.

EXA-31692

Abnormal first access-type rules triggered incorrectly, when a user's activity was normal. The corresponding model wasn't trained correctly because a parameter in the model definition was miscalculated. The calculation for that parameter has been corrected and tuned.

EXA-31909

Under certain conditions, the anomaly factor wasn't calculated and inflated risk scores because of other Data Science (DS) server issues. These issues have been resolved.

EXA-31302

Some pages, like Health Alerts settings, Account Lockouts watchlist, and some user Smart Timelines™, were slow or failed to load because parallel processes in Advanced Analytics Restful Web Services inefficiently queried the MongoDB database multiple times. We reduced or batched these queries to optimize the time they take to run.

EXA-31463

For some deployments, the MongoDB database ran out of disk space because it failed to automatically purge data when it reached 85 percent capacity or after the 180 day default retention period. The database failed to identify data it should purge because of a missing database index. Now, the database ensures that the index exists before purging.

EXA-31639

If a user executed a Windows account switch, the accounts they switched to didn't appear next to their name in their profile because Advanced Analytics Restful Web Services fetched account information from the incorrect MongoDB database collection. Now, Advanced Analytics Restful Web Services fetches from the correct collection.

EXA-31945

A user's account usernames didn't appear next to their name in their profile because Advanced Analytics Restful Web Services fetched account information from the incorrect MongoDB database collection. Now, Advanced Analytics Restful Web Services fetches from the correct collection.

EXA-31834

When you navigated from Splunk to Advanced Analytics, the Home page couldn't load because Advanced Analytics was fetching configurations it couldn't access from Splunk. These configurations have been moved to a file that Advanced Analytics can access wherever it loads.

Issues Fixed in Advanced Analytics i54.5.1 (First Customer Shipment)

EXA-31656

In some environments, it was possible that Advanced Analytics didn't display new data because of a deadlock that occurs when ingesting data.

A Log Ingestion and Messaging Engine (LIME) service, LogParser, failed to send internal Akka messages and notify other LIME services about its parsing progress or when it's done parsing. This happened when LogParser closes over the Akka context method in threads outside the one running the actor. To solve this, LogParser behaviour was tuned so it doesn't close over the Akka context method.

Issues Fixed in Advanced Analytics i54.5.2

EXA-32163

Some Advanced Analytics pages were vulnerable to cross-site scripting attacks, which used specially crafted event logs to execute scripts. This issue has been resolved.