Reindex a specific index database in Cortex XSOAR. Reindex multiple index databases.
In some cases, you might need to reindex a specific index database, if you encounter incorrect or partial data in Cortex XSOAR. Reindexing processes all data for that index database and ensures it is fully available for searches in the Cortex XSOAR UI. If issues are appearing related to multiple indexes, you can reindex more than one database at a time by listing the indexes as a comma separated list or you can Reindex the Entire Database. Depending on the volume of the data in the system, it may take some time for the indexing to complete. We recommend consulting with Cortex XSOAR support before reindexing.
Note
If using Live Backup, the index database must be reindexed on both the production and backup servers.
Stop the Cortex XSOAR service using the appropriate command for your OS.
systemctl stop demisto
sudo service demisto stop
Back up the index directory by typing the following command:
tar -czvf filename.tar.gz /var/lib/demisto/data/demistoidx
Note
The backup of the index directory should not be stored under
/var/lib/demisto
.Run the server and specify the index as an argument. To re-index multiple indexes, use a comma separated list of index names for
indexName
.sudo /usr/local/demisto/server -restore-index-name=
indexName
-public /usr/local/demisto/dist -stdout -conf /etc/demisto.confFor example, to reindex playbooks and scripts, run
sudo /usr/local/demisto/server -restore-index-name=playbooks,scripts -public /usr/local/demisto/dist -stdout -conf /etc/demisto.conf
Log in to your Cortex XSOAR instance and verify that the reindex process was successful.
When a message appears stating
Server up and running, good luck to us all
or the Cortex XSOAR UI displays, verify that all the data is present from the reindexing, and stop the process by pressingCtrl+C
orCmd+C
.Set permissions by running the following command.
sudo chown -R demisto:demisto /var/lib/demisto/data
Start the Cortex XSOAR service using the appropriate command for your OS.
systemctl start demisto
sudo service demisto start