Searching for related events

You can search for events processed by the Correlator or the Collector services.

To search for events related to the Correlator or the Collector service:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the required correlator or collector and click Go to Events.

   This opens a new browser tab with the KUMA Events section open.

3. To find events, click the icon.

   A table with events selected by the search expression ServiceID = <ID of the selected service> will be displayed.

Event search results

When searching for events, you may encounter the following shard unavailability error:

Code: 279. DB::NetException: All connection tries failed. Log: \\n\\nTimeout exceeded while connecting to socket (host.example.com:port, connection timeout 1000 ms)\\nTimeout exceeded while connecting to socket (host.example.com:port, connection timeout 1000 ms)\\nTimeout exceeded while connecting to socket (host.example.com:port, connection timeout 1000 ms)\\n\\n: While executing Remote. (ALL_CONNECTION_TRIES_FAILED) (version 23.8.8.207)\\n\"}",

In this case, you need to override the ClickHouse configuration in storage settings.

To override the ClickHouse configuration:

1. In the KUMA web interface, in the Resources → Storages section, click the storage resource that you want to edit.

   This opens the Edit storage window.

2. To skip unavailable shards when searching, insert the following lines into the ClickHouse configuration override field:

   <profiles>

   <default>

   <skip_unavailable_shards>1</skip_unavailable_shards>

   </default>

   </profiles>

3. To apply the ClickHouse configuration, click Save.
4. Restart the storage services that depend on this resource.

This resolves the shard unavailability error, and you can proceed to search for events processed by a particular correlator or collector.

Page top