- Site Collector Overview
- Get Started with Site Collectors
- Install Site Collector
- Set Up Collectors
- Manage Site Collectors
- Site Collector Monitoring
- Troubleshoot the Site Collector
- Pre-checks failed during Site Collector installation and upgrade
- Site Collector UI shows the status INSTALLATION_ERROR
- Download Support Packages for Troubleshooting
- How to reboot the Virtual Machine (VM) successfully to apply security updates?
- What information must be added while creating a support ticket to resolve an issue?
- Site Collector UI is not displaying the heartbeats
- Splunk Collector can't be set up
- Splunk Collector is set up however, logs are not reaching DL/AA
- Only a few of the installed Splunk Collectors are processing logs or EPS has dropped by 50% as compared to last hour
- The Windows Active Directory Collector (formerly known as LDAP Collector) is set up, however, the context data is not reaching DL/AA
- The Windows Active Directory Collector (formerly known as LDAP Collector) is stuck in the ‘Update’ mode after deployment
- Installation is initiated; however, the collector shows the status as ‘Setting Up’ for some time
- Data Lake and Advanced Analytics Does Not Show Context Data
- Context Data from Windows Active Directory Collector is Segmented
- Minifi Permission Denied - Logback.xml File Missing and Config File Update - Failed Error Occurred while Installing the Windows Event Log Collector
- Where should I upload proxy certificates if I am running proxy with TLS interception?
- How to upgrade Linux collector instance?
Upgrade to Site Collector 2.0
Site Collectors 2.0 is a major release that signifies performance improvements by bringing the underlying NiFi 2.0 M4 framework and resolves numerous critical security vulnerabilities from previous versions. To upgrade to the latest version, see Upgrade the Site Collector.
With the upgrade of your Site Collector to version 2.0, your server-side collectors continue to work without any interruption. Server-side collectors are the collectors that are not installed on remote devices and that run directly on the Site Collector instances. Examples of server-side collectors include Syslog, Splunk, Oracle, MSSQL, MySQL, Qradar, and Estreamer collectors. To upgrade these types of collectors, you do not need to use additional installation scripts.
However, for your agent collectors, that you install on the remote Windows or Linux devices, you need to use essential installation scripts mentioned in the Upgrade the Agent Collector Instances section below.
Upgrade the Agent Collector Instances
Due to substantial design changes in the framework, it is recommended to also upgrade your agent collectors to the latest version. Upgrading enables the collectors to fully utilize all management operations such as using templates or restarting the agent in addition to data collection. If you do not upgrade the collectors to the latest version, you will not be able to update the configuration of the collectors, and use or edit the templates.
The upgrade steps differ depending on the type of agent collector. Refer to the following upgrade requirements for each type:
Caution
Ensure that you upgrade one agent collector instance at a time. If you have more than one agent collector instances running on the same Windows or Linux host, for example, one Linux File collector and one Linux Archive Collector instance, or one Windows Event Log Collector and one Windows File Collector instance, do not upgrade them simultaneously. Upgrade one collector instance at a time to avoid any errors.
Upgrade Windows-based Agent Collectors
The Windows-based agent collectors are the collectors that you install on the remote Windows devices. For example, Windows Event Log Collector, and Windows File Collector. You must upgrade each Windows-based agent collector instance via user interface.
To upgrade a Windows-based agent collector:
Ensure that your Site Collector instance is upgraded to its latest version.
On the Overview tab, in the list of collector instances, click
for the agent collector instance that you want to upgrade.
Click Upgrade.
The agent collector instance is upgraded.
Alternatively, you can upgrade the agent collector instance by selecting the instance and clicking upgrade.
Additionally, after clicking the the agent collector instance on the Overview page, a collector configuration page that appears next provides you with the option to upgrade the collector instance in addition to configuration modification options.
Upgrade Linux-based Agent Collectors
The Linux-based agent collectors are the collectors that you install on the remote Linux devices. For these collectors, you need to use additional installation scripts on the remote devices before upgrade. For Linux File Collector and Linux Archive Collector instances installed on a Linux host, backward compatibility issues may occur and affect the upgrade process. To ensure smooth upgrade, before initiating the upgrade through the UI, you must run the following commands on your Linux host.
Run the following command on your Linux VM before upgrading the Linux File Collector instance via user interface:
sudo sed -i '/^ExecStart=$/d' /usr/local/lib/systemd/system/exabeam-file-management.service
Run the following command on your Linux VM before upgrading the Linux Archive Collector instance via user interface:
sudo sed -i '/^ExecStart=$/d' /usr/local/lib/systemd/system/exabeam-archive-management.service
After running these commands, proceed to upgrade the Linux-based agent collector instances via user interface as explained in the Upgrade Windows-based Agent Collectors section above.