Troubleshooting Console

If you encounter unexpected behavior, there are a few basic troubleshooting steps.

View and copy the Local Error Log

Tanium Console maintains an error log on the local host computer for your web browser. It includes details on the last 100 errors that were returned to the Console in response to actions that you performed through the browser. For example, the log records errors that are associated with attempting to save a configuration or import a content file. Console maintains a separate log for each browser that you use.

In the Main menu, click and select Local Error Log.
(Optional) Expand a log entry and click Copy to copy the log details to the clipboard.
(Optional) Click Clear Log if you want to remove all the log entries. For example, you might want to remove the entries after you finish resolving the associated issues.

Collect Console logs

To send information to Tanium Support for troubleshooting Tanium Interact, perform the following steps to collect logs and other relevant information. The information is saved as a ZIP file that you can download through your browser.

From the Interact Overview page, click Help .
In the Troubleshooting section, click Download Support Package.
A tanium-interact-support-<date-time>.zip file downloads to the local download directory.
Attach the ZIP file to your Tanium Support case form or send it to Tanium Support.

Troubleshoot question runtimes

If Tanium Clients answer a question slower than expected, the question might use sensors that have long runtimes. Tanium Console displays runtime indicators to show the average runtimes of sensors that you select for questions. If necessary, you can customize the thresholds that determine which indicator appears for a specific runtime. See Managing sensor runtime thresholds.

Troubleshoot question results issues

If Tanium Clients do not answer questions, review the following issues and remediation tasks:

Question results issues
Issue	Remediation
No results	The Question Results grid displays [no results] to indicate that a Tanium Client was instructed to answer but does not have a value that matches the sensor filter. This occurs if you apply a filter to the get clause and not the from clause. For example, if the question is Get IP Address ending with 2 from all machines, all endpoints return answers and all endpoints without an IP address ending in 2 return [no results]. Add the filter in the from clause. For example, Get IP Address from all machines where IP Address ends in 2 does not return unexpected [no results] rows. You might also see [no results] if the sensor does not return a value or cannot execute the script.
Current result unavailable	If an endpoint takes longer than usual to evaluate a sensor, it might initially supply the answer [current result unavailable] to the answer message that it passes along the linear chain and ultimately to Tanium Cloudthe Tanium Server. However, the sensor process continues on the endpoint after supplying that initial answer and, upon completing the process, the endpoint sends its updated answer. Tanium CloudThe server then updates the Question Results grid.
Results currently unavailable	The Question Results grid displays the [results currently unavailable] message to indicate that Tanium Cloudthe Tanium Server cannot correctly parse an answer. Parsing errors can result from various conditions, such as the excessive growth of answer strings. Contact Tanium Support if you observe this message.
Too many results	The Question Results grid displays [too many results] to indicate that more results are available, but the Tanium Clients will not return the additional results. Tanium CloudThe Tanium Server has certain checks to limit the network and memory impact of questions. Because of how Tanium Cloudthe server generates these messages, you cannot drill down on this response. Try the following solutions to avoid this message: Use sensors that are more focused. Target only a certain endpoint or computer group to limit the unique number of strings for each answer. Use a non-counting question instead of a counting question. See Counting and non-counting questions.
TSE-Error	Messages that begin with [TSE-Error indicate a Tanium Client is in a state that prevents it from answering the question. Common reasons include: Unstable operating system (OS) Configuration issues Lack of memory Antivirus software blocks: To ensure that all the required exclusions are configured in your antivirus software, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions. Corrupted Windows Management Instrumentation (WMI) repositories Sensor quarantines: The Question Results page displays TSE-Error: The sensor is quarantined if the question uses quarantined sensors. You can remove those sensors from quarantine if appropriate. See Manage sensor quarantines. Issues related to the roles that are assigned to your user account. See Troubleshoot role-based access control (RBAC) issues. Issues related to the computer groups that are assigned to your user account. See Results missing from certain endpoints.
Results missing from certain endpoints	You can see question results only from endpoints in computer groups that are assigned to the user account or persona that you use to issue questions. If certain endpoints to do return results, troubleshoot computer group assignments and configurations: Assignments: Verify that the appropriate computer groups are assigned. If your user account inherits computer group assignments, you might have to assign a different user group: Manage computer group assignments for a user Manage computer group assignments for a persona Manage computer group assignments for a user group Manage user group assignments for a user Configurations: View the computer group configurations to ensure that their membership Expression is correct. Note that you cannot edit the membership of a computer group. If the membership does not include the correct endpoints, you must create and assign a new computer group. View computer group details Create a computer group
Tanium Client communication	View the status of client connections and, if necessary, correct them. See Troubleshoot Tanium Client issues.

Troubleshoot action deployment issues

To ensure actions deploy as expected and to troubleshoot deployment issues, see Monitor actions.

Troubleshoot Tanium Data Service issues

Monitor resource usage for sensor results collection

Tanium Data Service collects and stores the results of all sensors that are registered for collection so that users can see those results for offline endpoints when issuing questions. Sensor collection consumes resources such as network bandwidth, disk space on the Tanium Server, and processing on endpoints. Resource consumption increases with the cardinality of sensors. For example, the IP Address sensor produces a unique result string for each queried endpoint, whereas the Operating System (OS) sensor produces the same string for all endpoints that have the same OS. In this case, the high cardinality IP Address sensor requires more bandwidth, CPU usage, and storage. Interact provides charts that enable you to visualize resource usage metrics related to results collection.

For more details and procedures related to sensor results collection, see Tanium Interact User Guide: Managing Tanium Data Service.

Go to the Interact Overview page and click Info .
Review the following charts:
- Harvest Metrics: These charts display metrics related to the number of database rows that are processed when question results are collected for registered sensors.
- Data Service Sensor Metrics: Use these charts to determine whether specific sensors are generating result strings that consume too much storage.
- Data Service Database Metrics: These charts provide indicators on the disk space usage for Tanium Data Service. The Database Key Size and Database Value Size charts show usage in bytes.
- Data Service Resource Consumption Metrics: Use these charts to determine the resource usage for Tanium Data Service.

Resolve TDS resource consumption issues

If you determine that sensor collection consumes too many resources, consider the following solutions:

Pause collection for sensors that you determine are currently not important for users who view the stored results of offline endpoints. See Tanium Interact User Guide: Pause or resume collection.
Unregister specific sensors for which users will never need to see stored results. See Tanium Interact User Guide: Register or unregister sensors for collection.
Purge the results of specific sensors if those results are not useful to users. See Tanium Interact User Guide: Purge results for specific sensors.
Contact Tanium Support about editing the default settings that govern results collection and garbage collection:

Uninstall Console

If you need to uninstall Console, perform the following steps.

If you uninstall Console, and no users, personas, or user groups are assigned to the Feed User role before uninstalling Console, you lose the ability to access Tanium™ Feed. To regain access to Feed, either reinstall Console, or assign users, personas, or user groups to the Feed User role.

Sign in to Tanium Console as a user with the Administrator role.
From the Main menu, select Administration > Configuration > Solutions.
In the Console tile, click Uninstall .

To reinstall Console, see Installing Console.

Contact Tanium Support

To contact Tanium Support for help, sign in to https://support.tanium.com.