Troubleshoot MineMeld

• Free up disk space on MineMeld
  A red dot appears on the System tab when there is only 30% of disk space remaining in MineMeld. To continue using MineMeld with logging enabled, you must free up more disk space.
  1. In MineMeld, click the System tab.
  2. A warning message notifies you that disk space is low. Verify the disk status.

  3. Purge Logs.
     This deletes logs of internal system processes on MineMeld; this does not delete the record of indicators that nodes received or indicators that were aged-out in the Logs tab.
• Force an AutoFocus samples or artifacts miner to retrieve indicators.
  For a samples or artifacts miner, the default interval for retrieving and forwarding indicators to a processor is 1 hour. To trigger the miner to retrieve indicators immediately, follow the steps below.
  1. In MineMeld, select the samples or artifacts miner from the list of Nodes.

  2. Click Run Now to start retrieving indicators.

     As the node retrieves indicators, the # Indicators count goes up.

  3. Track all indicator activity associated with a node.
• Force an AutoFocus samples or artifacts miner to age out indicators.
  When a miner node ages out indicators, it withdraws indicators from the outputs that received them. The samples miner has a default age-out interval of 24 hours, while the artifacts miner has a default interval of 30 days. To trigger these miners to age out indicators immediately, follow the steps below.
  1. In MineMeld, select the samples or artifacts miner from the list of Nodes.
  2. Flush indicators.

  3. Track all indicator activity associated with a node.
• Track all indicator activity associated with a node.
  1. In MineMeld, select a node from the list of Nodes.
  2. View the node Stats. By default, the statistics displayed are based on indicator activity from the last 24 hours.

     1. Compare the counts from different points in the Indicators graph to determine the number of new indicators that the node processed during a time range. A drop in the graph indicates that some indicators associated with the node were aged out.

     2. View the trend of indicators that the node added, aged out, updated, and withdrew from other nodes.

  3. Change the Time Range to view indicator stats for a shorter or longer time period.
• Track indicators that were successfully received by a node and indicators that were aged out.
  View the MineMeld logs to determine if an indicator was successfully received by a node or aged out.
  1. View the logs for a specific indicator.
     1. In MineMeld, click the Logs tab.
     2. In the search field, enter indicator:[indicator value] and click the spyglass to launch the search.
     3. Evaluate the logs for the indicator based on the following log messages.
        EMIT_UPDATE—A log of a node sending an indicator (or an indicator update) to another node.
        ACCEPT_UPDATE—A log of a node successfully receiving an indicator from another node.
        EMIT_WITHDRAW—A log of a node aging out an indicator.
        ACCEPT_WITHDRAW—A log of a node accepting a request from another node to withdraw an aged out indicator.

  2. View the logs for a specific node.
     1. Click the Nodes tab and select a node.
     2. View all Logs of indicator activity related to the node.
     3. Click on a log message or indicator tag to filter the logs further.