Reindex a Specific Index Database - Administrator Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.6
Creation date
2022-09-29
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Reindex a specific index database in Cortex XSOAR.

In some cases, you might need to reindex a specific index database, if you encounter incorrect or partial data in Cortex XSOAR. Reindexing processes all data for that index database and ensures it is fully available for searches in the Cortex XSOAR UI. If issues are appearing related to multiple indexes, you can reindex more than one database at a time by listing the indexes as a comma separated list or you can Reindex the Entire Database. Depending on the volume of the data in the system, it may take some time for the indexing to complete. We recommend consulting with Cortex XSOAR support before reindexing.

Note

If using Live Backup, the index database must be reindexed on both the production and backup servers.

  1. Stop the Cortex XSOAR service using the appropriate command for your OS.

    • systemctl stop demisto

    • sudo service demisto stop

  2. Backup the index directory by typing the following command:

    tar -czvf filename.tar.gz /var/lib/demisto/data/demistoidx

    Note

    The backup of the index directory should not be stored under /var/lib/demisto.

  3. Run the server and specify the index as an argument. To reindex multiple indexes, use a comma separated list of index names for indexName.

    sudo /usr/local/demisto/server -restore-index-name=indexName -public /usr/local/demisto/dist -stdout -conf /etc/demisto.conf

    For example, to reindex playbooks and scripts, run sudo /usr/local/demisto/server -restore-index-name=playbooks,scripts -public /usr/local/demisto/dist -stdout -conf /etc/demisto.conf

  4. Log in to your Cortex XSOAR instance and verify that the reindex process was successful.

  5. When a message appears stating Server up and running, good luck to us all or the Cortex XSOAR UI displays, verify that all the data is present from the reindexing, and stop the process by pressing Ctrl+C or Cmd+C.

  6. Set permissions by running the following command.

    sudo chown -R demisto:demisto /var/lib/demisto/data

  7. Start the Cortex XSOAR service using the appropriate command for your OS.

    • systemctl start demisto

    • sudo service demisto start