Services tools

This section describes the tools for working with services available in the Resources → Active services section of the KUMA web interface.

Getting service identifier

The service identifier is used to bind parts of the service residing within KUMA and installed in the network infrastructure into a single complex. An identifier is assigned to a service when it is created in KUMA, and is then used when installing the service to the server.

To get the identifier of a service:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the service whose ID you want to obtain, and click Copy ID.

The identifier of the service will be copied to the clipboard. It can be used, for example, for installing the service on a server.

Restarting the service

To restart the service:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the service and select the necessary option:
   • Reload—perform a hot update of a running service configuration. For example, you can change the field mapping settings or the destination point settings this way.
   • Restart—stop a service and start it again. This is used to change settings such as port number or connector type.

     KUMA Windows Agent can be restarted as described above only if it is running on a remote computer. If the service on the remote computer is inactive, you will receive an error when trying to restart from KUMA. In that case you must restart KUMA Windows Agent service on the remote Windows machine. For information on restarting Windows services, refer to the documentation specific to the operating system version of your remote Windows computer.

   • Reset certificate—remove certificates that the service uses for internal communication. For example, this can be used when Core certificate was updated.

     When working with KUMA agents, this certificate reset method is available only for running agents (that have a green status). For agents with a red status, the certificate must be changed manually.

The service will be restarted.

Deleting the service

Before deleting the service get its ID. It will be required to remove the service for the server.

To delete the service:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the service you want to delete, and click Delete.

   A confirmation window opens.

3. Click OK.

The service has been deleted from the KUMA.

To remove the service from the server:

Delete the file /usr/lib/systemd/system/kuma-<Service type: collector, correlator, or storage >-<ID of the service>.service from the server where the service was installed.

Partitions window

If the Storage service was created and installed, you can view its partitions in the Partitions table.

To open Partitions table:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the relevant storage and click Go to partitions.

The Partitions table opens.

The table has the following columns:

• Tenant—the name of the tenant that owns the stored data.
• Date—the date when the space was created.
• Space—the name of the space.
• Size—the size of the space.
• Events—the number of stored events.
• Expires—the date when this space expires.

You can delete spaces.

To delete space:

1. Open the Partitions table (see above).
2. Open the drop-down list to the left from the required space.
3. Select Delete.

   A confirmation window opens.

4. Click OK.

The space is deleted.

Correlator active lists window

The Correlator active lists table displays a list of active lists that are used by a specific correlator.

To open Correlator active lists table:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the relevant storage and click Go to active lists.

The Correlator active lists table opens.

The table has the following columns:

• Name—the name of the correlator list.
• Records—the number of record the active list contains.
• Size on disk—the size of the active list.
• Directory—the path to the active list on the KUMA Core server.

You can view, import, export, or clear active lists.

To view active list:

Open Correlator active lists table (see above) and click the name of the active list.

The table with active list records opens. If you want to view the contents of a record, click on the value of its key (the Key column). If you want to delete the entry, click on the icon. You can also search records using the Search field.

To export active list:

1. Open Correlator active lists table (see above).
2. Open the drop-down list to the left from the required active list.
3. Click Export.

Active list is downloaded in JSON format using your browsers settings. The name of the downloaded file reflects the name of active list.

To import active list:

1. Open Correlator active lists table (see above).
2. Open the drop-down list to the left from the required active list.
3. Select Import.

   The active list import window opens.

4. In the File field select the file you wan to import.
5. In the Format drop-down list select the format of the file:
   • csv
   • tsv
   • internal
6. Under Key field, enter the active list key value.
7. Select Import.

The data from the file is imported into the active list.

Searching for related events

You can search for events processed by the Correlator or the Collector services.

To search for events related to the Correlator or the Collector service:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the required correlator or collector and click Go to Events.

A new browser tab opens showing KUMA Events section with the services selected using the following search: ServiceID = <ID of the selected service>.