Create a Log Bundle

Go to

Settings

About

Troubleshooting

.

To create the log bundle, click

Download logs

.

The following are the logs that appear in the bundle.

Log	Description
workers	Displays the total number of configured workers, the total number of workers that are busy, and the total number of available workers. If you experience performance issues, check the workers log to check if all workers are busy. To increase the worker count, see Configure the Number of Workers for the Server and Engine for details.
web-app	Displays the active integrations and maps all the data types in the system. If there is a problem in the system, you can import this information to your system to try to troubleshoot the problem.
version_control	Displays the following information: The version of Git. The location of the Git binary on the system. All commands supported by the installed version of Git. The repository folder of the server, where the version of the server’s content are managed. The port that is used when connecting to a remote repository The branch that you are connected to in the remote repository, if you are connected to a remove repository. A list of all the configurations that are in the repository.
telemetry	Cortex XSOAR uses telemetry to collect specific usage data. This data is analyzed and used to improve Cortex XSOAR, and to identify common usage to help drive the product roadmap. This log displays if telemetry is enabled. anonymous - telemetry is enabled. no telemetry - telemetry is disabled. By default, telemetry is enabled. For information on telemetry, see Cortex XSOAR Telemetry.
preprocessRules	Displays the actual data of any existing pre-process rules. Use this information if the pre-process rules are not working as expected, or if incidents are dropped or wrongfully closed .
packsubscriptionsinfo	Displays the metadata for the marketplace paid pack subscriptions, such as the company’s balance or the subscription status of each paid pack. View the content of this log if question arise about the company’s marketplace pack subscriptions.
os	Displays the exact amount of usage of the general resources of the system at the time you create the log. This information includes operating system usage, kernel usage, memory usage, CPU usage, etc.
network	Displays all the programs used in the network and contains the record of user and process access calls to objects, attempts at authentication, and other network activity.
ml	Displays the activities of the training machine learning in the platform. If the training of the model fails, look in this log to understand the error. The error can be a script execution error or a Docker error. For a Docker error, search for demisto/dl. For a script error, search for DBotBuildPhishingClassifier or one of the following subscripts: GetIncidentsByQuery DBotPreProcessTextData DBotTrainTextClassifierV2 WordTokenizerNLPNote that errors that appear may be general Docker errors because all of the scripts and subscripts run in Docker.
license_data	Displays the licensing information, including the license validation date, number of users permitted in the system, the amount of users currently using the system, etc.
installedpacks	Displays the installed packs from Marketplace.
go_stats	Go is used to retrieve information about the environment of the server, such as how many CPUs are used, how many goroutines (threads) are used, etc. This log displays the location of all Go routines in the code.
filesystem	Displays how much free disk space there is in the file system. Displays all the folders that Cortex XSOAR uses and the total usage of the disk space for each folder. Can indicate there is not enough available disk space.
env	Displays the version and build number for Cortex XSOAR, and the version of the server SHA and web-client.
content	Displays the activities for all playbook integrations, automations, and incident types. These activities also appear in the server log.
confserver	Displays the configuration of the server. This information also appears in the Settings About Troubleshooting page in Cortex XSOAR.
confdb	Displays the configuration of the database.
conf	Displays the generic server configurations.
bolt_stats	Displays information about Bolt disk and index usage.