Troubleshooting

danger

Never edit the KV Store Collections directly (e.g with Lookup Editor)! This can have disastrous effects on the data integrity. Always contact support if you run into an issue which can not be fixed following the troubleshooting guide!

Setting AME Log Levels

In case of a problem, AME support may ask to increase the log level. The log levels can be set under Administration -> Configuration within the Logging tab. Each component of AME has its logger settings.

danger

Heavy logging can impact application performance. The log level should be reverted to INFO once the problem has been resolved.

Troubleshooting Guide

The HEC Connection does not work

Testing a HEC Reciever Connection

To test if the HEC Receiver works, open the Health Check Dashboard under the Administration menu and run the HEC Test.

A Response: Success Toast-Message is returned if the HEC Connection works correctly.

Additionally, you can run the folllowing search to check connection errors:

index=_internal sourcetype="ame:*" log_level=ERROR

If you see a connection timed-out event, check connectivity:

2023-05-10T17:00:30.199+02:00 version=1.1.0 log_level=ERROR pid=3233874 s=event_index_service.py:send_string_to_index:118 uuid=067f22a9-14af-4e93-9045-e5ad77738d9c [Errno 111] Connection refused

No events are found

Check if the tenant index contains data:

index="ame_default"