Out of memory error

38750004 - Application ran out of memory

Explanation

When the system attempts to use more than the allocated amount of memory, the application or service can stop working. Out of memory issues are often caused by software, or user-defined queries and operations that exhaust the available memory.

User response

Review the following resolutions:

Review the error message that is written to the /var/log/qradar.log file to determine which component failed.
If the Ariel proxy server is searching through large amounts of data or is using a grouping option that generates unique values in the search results, reduce the number of unique values or reduce the time frame of the search.
If the accumulator is generating a time series graph with many aggregated unique values, reduce the size of the query.
If a protocol-based log source is recently enabled, decrease the polling period to reduce the data queried. If multiple protocol-based log sources are running at the same time, stagger the start times.
If a rule recently changed to track unique properties over long periods of time, reduce the time frame by half or reduce the number of matching events by adding another filter.