Creating a Qlik Sense Client-Managed connection | Migration Center Help documents all steps needed to create a Qlik Sense Client-Managed connection to the Qlik Analytics Migration Tool.

As a part of the System Requirements (System requirements | Migration Center Help), Qlik advises that the Qlik Sense Proxy service must have a valid third-party certificate.

This article explains the process to follow if no third-party certificate is available; for example, when setting up a test connection in your UAT or test environment. For this example, we will be using the self-signed certificate used by Qlik Sense. 

Securing the connection

The first challenge we need to overcome is the Not Secure alert when accessing Qlik Sense:

1. Run certlm.msc with elevated permissions (as Administrator)
   
   
   
   
2. Select Trusted Root Certification Authorities > Certificates > All Tasks > Import
   
   
   
   
3. Click Next
4. Select All Files and choose the root.pem stored in  C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates
   
   
   
   
5. Click Open and follow the onscreen instructions; when prompted for the Certificate Store choose the Trusted Root Certificate Authorities storage location
   
   
   
   
6. Confirm the CA cert was installed by refreshing the Trusted Root Certificate Authorities > Certificates list:
   
   
   
   
   
7. Close CertML and open https:// YOUR-HOST.domain.local/hub to confirm the connection is now displayed as Secured:
   
   
   
   

Connecting to the Qlik Analytics Migration Tool

Creating a Qlik Sense Client-Managed connection | Migration Center Help

To establish a connection to the Qlik Analytics Migration Tool in this example, we will be using Method 2 of the recommended steps: Create a virtual proxy using the tool | help.qlik.com.

1. In the Qlik Analytics Migration Tool, navigate to the Connections tab and select Qlik Sense Client-Managed
2. Click Create New
3. Switch to the Virtual Proxy Setup tab
4. In the Qlik Server URL field, enter the login URL of the Qlik Sense Client-Managed environment
5. Click Login to Qlik
   
   
   
   
6. After logging in, open your web browser's Developer Tools (F12 or fn + F12)
7. Go to the Application tab, expand Cookies, then select the Qlik Sense domain and copy the Cookie Name and Cookie Value
   
   
   
   
   
8. Paste the values into the Session Cookie fields in the Virtual Proxy Setup – Guide
9. Click Retrieve users and proxies from Qlik and confirm the message
   
   
   
   
10. In the Select Service User dropdown, select a RootAdmin user to associate with the virtual proxy
11. In the Select Proxy Service dropdown, select the proxy service (typically Central)
12. Optionally, set a Virtual Proxy Name (no spaces allowed)
13. Click Create Virtual Proxy
14. After proxy creation, a JWT token will be displayed (optional to save)
15. Click Go to Connection Setup 
    
    
    
    
16. Click Test Connection to validate the setup
17. Click Create Connection
18. A confirmation message will appear, and the connection will be added to the list
19. This step creates a Qlik Sense Converter connection

Environment

• Qlik Cloud Migration Tool
• Qlik Sense Enterprise on Windows
• Qlik Cloud Analytics

Is it possible to migrate users and data connections from one Qlik Cloud Analytics tenant to another?

Answer

You cannot migrate users and data connections from an existing tenant to a newly purchased tenant.

The following will need to be done:

• All data connections must be recreated
• Apps and scripts in the new tenant need to have their data connections updated to reference the new connections
• For users, it will be necessary to send new invitations or configure your identity provider to manage access to your new Qlik Cloud tenant

What about apps and scripts?

Apps can be migrated from one tenant to another using the following Qlik CLI automation: Migrate apps between Qlik Cloud tenants 

This tutorial is not exhaustive, and does not migrate other resources such as spaces, automations, data alerts, subscriptions, notes, etc. Qlik offers solutions via Qlik Professional Services for complete tenant to tenant migrations.

For scripts, follow the process of exporting them manually from the old tenant and then importing them to the new tenant. See Exporting scripts.

To make the process easier for you, Qlik's customer support team can link the newly purchased tenant license to a trial tenant, and you can continue to use the trial tenant. The trial tenant will be updated to a Standard, Premium, or Enterprise version after linking the license (depending on which package was purchased).

Additional References

• Exporting apps | help.qlik.com 
• How to export QVD files from a Qlik Cloud Tenant 

Environment

• Qlik Cloud Analytics

Qlik Sense Enterprise on Windows can be set up with a central node and multiple rim nodes. See Installing a Qlik Sense rim node.

To remove a rim node at any point after setup:

1. Open the Qlik Sense Enterprise Management Console
2. Go to Nodes
3. Find the rim node you wish to remove 
4. Click Delete

It is now safe to uninstall the Qlik Sense services or decommission the server. When uninstalling, ensure that you select the Remove Qlik Sense certificates and data folders option.

Environment

• Qlik Sense Enterprise on Windows

While Qlik Cloud provides robust data connectivity options through the Data Movement Gateway, some organizations require additional controls to restrict access to the Qlik Cloud Talend platform itself, not only to data connections. 

While Qlik Cloud does not currently support full tenant-level access restriction via PrivateLink, it does offer:

• IP-based access control via Web Integrations
• Strong authentication and security policies
• Gateway-based PrivateLink support for data connectivity
• Cryptographically secure gateway communication

This article outlines these available options and limitations for securing tenant access at the platform level.

Content

• Does Qlik Cloud support IP Allowlist for tenant access?
• Are there network-level restrictions available for accessing the Qlik Cloud tenant?
• What are the available options for securing tenant access beyond standard authentication?
• Understanding Gateway Security Architecture
• Future Plans

Does Qlik Cloud support IP Allowlist for tenant access?

Yes. Qlik Cloud supports IP allowlisting through Web Integrations, which can be configured to restrict access to the tenant based on specific IP addresses.

See Managing web integrations for details.

Are there network-level restrictions available for accessing the Qlik Cloud tenant?

Qlik Talend Data Integration supports private connections for tenant-level access. Does Qlik Cloud support a similar, solution, such as Azure or AWS PrivateLink?

No, Qlik Cloud does not support Azure PrivateLink for tenant-level access in the same way Talend Cloud does.

• In Qlik Talend Data Integration, PrivateLink can be used to restrict access to the entire tenant.
• In Qlik Cloud, PrivateLink is supported only for data connectivity via a customer-managed gateway.
• The gateway acts as the endpoint for PrivateLink, but it does not restrict access to the Qlik Cloud web interface.
• See Support private connections in Qlik Talend Data Integration for details.

What are the available options for securing tenant access beyond standard authentication?

Qlik Cloud offers several security features for tenant access:

• Multi-Factor Authentication (MFA)
• OAuth
• Content Security Policy (CSP)
• API Keys
• Web Integrations (IP Allowlist)

See Securing the system.

Understanding Gateway Security Architecture

When using the Data Movement Gateway, Qlik Cloud ensures secure communication through a multi-step cryptographic process:

1. Key Generation & Registration:
   
   Upon installation, the gateway generates a private/public key pair and a key ID (kid). The public key and key ID are registered in Qlik Cloud by the tenant admin.
   
   
2. Secure WebSocket Establishment:
   
   
   1. The gateway initiates a TLS-secured WebSocket (WSS) connection to Qlik Cloud.
   2. During this handshake:
      
      
      • The gateway verifies QCS’s certificate.
      • Qlik Cloud verifies the JWT sent by the gateway, ensuring it includes the correct key ID and is signed with the gateway’s private key.
      • This confirms a cryptographic match to the registered public key and key ID.
        
        
3. Channel Key Derivation:
    
   • Both sides generate ECDH key pairs and exchange secrets.
   • A channel key is derived and used to encrypt all traffic over the WebSocket.
   • This key is re-derived upon reconnection or restart, ensuring session-level encryption.

This architecture ensures that all data movement operations are secure, authenticated, and encrypted end-to-end.

Future Plans

If full tenant isolation via PrivateLink is a critical requirement, please submit a feature request via Qlik Ideation.

Environment

• Qlik Cloud
• Qlik Talend Data Integration

After upgrading to Remote Engine 2.13.13, when enabling the option to execute a job from Studio on a remote engine, the process fails due to SSL and PKCS-related errors.

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Resolution

SSL Configuration for Talend Studio to Connect with Remote Engine

1. Retain the Keystore and Truststore Passwords Generated During Installation

   During the installation of Talend Remote Engine, SSL credentials are automatically generated. To retrieve the keystore password, execute the following command:

   cat /opt/TalendRemoteEngine/bin/sysenv

   and locate the line

   TMC_ENGINE_JOB_SERVER_SSL_KEY_STORE_PASSWORD=<PASSWORD>

2. Required Keystore and Truststore Files

   The following files are necessary for secure communication between Talend Studio and the Remote Engine:

   /opt/TalendRemoteEngine/etc/keystores/jobserver-client-keystore.p12
   /opt/TalendRemoteEngine/etc/keystores/jobserver-client-truststore.p12 (Truststore file added with RE 2.13.13)

   Transfer these files to your Talend Studio workstation and store them in a dedicated folder.

3. Configure Talend Studio to Use SSL

   Edit the Studio startup configuration file, depending on your operating system:

   • For Linux (x86_64): studio/Talend-Studio-linux-gtk-x86_64.ini
   • For ARM architecture: studio/Talend-Studio-gtk-aarch64.ini  
   • For Windows: Talend-Studio-win-x86_64.ini
4. Add the following JVM options to the configuration file, and adjust the file paths and password values accordingly:

       -Dorg.talend.remote.client.ssl.force=true
       -Dorg.talend.remote.client.ssl.keyStore=path_to_keystore/jobserver-client-keystore.p12
       -Dorg.talend.remote.client.ssl.keyStoreType=PKCS12
       -Dorg.talend.remote.client.ssl.keyStorePassword=<password_from_step_1>
       -Dorg.talend.remote.client.ssl.keyPassword=<password_from_step_1><
       -Dorg.talend.remote.client.ssl.trustStore=path_to_truststore/jobserver-client-truststore.p12
       -Dorg.talend.remote.client.ssl.trustStoreType=PKCS12
       -Dorg.talend.remote.client.ssl.trustStorePassword=<password_from_step_1>
       -Dorg.talend.remote.client.ssl.disablePeerTrust=false
       -Dorg.talend.remote.client.ssl.enabled.protocols=TLSv1.2,TLSv1.3
      

Cause 

Talend Remote Engine enforces SSL communication by default, ensuring that all interactions with the engine are encrypted. If Studio does not have the appropriate certificates installed, it will be unable to establish a secure connection with the Remote Engine.

Environment

• Talend Studio 
• Talend Cloud 

The "Enable IP Allowlist" option has been enabled, and several IPs have already been added to the list to restrict access solely to those on the allowlist. However, other IPs are still able to access TMC.

Cause

To configure an IP allowlist in Talend Management Console, the user account needs to possess the Security Administrator role.
Only accounts granted the "Users - Manage" permission can bypass the IP allowlist. (This permission is encompassed within the Security Administrator role.).

1. Verify the user's role; it must NOT include a role such as Security Administrator, as this role possesses the "Users - Manage" permission, which can bypass the IP allowlist. For more details about TMC role, please read this documentation page.
2. Verify the permissions assigned to the role. If you are uncertain whether this role possesses the "Users - Manage" permission, review the role's permissions as illustrated in the screenshot below.

Resolution

Once the IP allowlist is enabled, the same user account must take one of the following actions:
Either create additional users without the "Users-Manage" permission, Or remove its own Security Administrator role.
This guarantees that the IP allowlist is effectively enforced for the account.

Consequently, IP addresses not included in the IP allowlist will be unable to connect to TMC, as illustrated below:

Related Content 

Setting up IP allowlist policy to restrict user access

Environment

• Talend Cloud 8.0.1

This details the steps required to use a Microsoft Excel (XLS) file as a User Directory in the User Directory Connector (UDC).

Environment: 

The required Microsoft Excel Driver may not be installed by default.  

Step 1: Verify if the drivers are already installed on your server

Open the Windows Registry Editor and navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\
?

Step 2: If no, download the latest Microsoft package

This file can be directly sourced from the Microsoft Download site. The 64bit version is required.
Example: Microsoft Access Database Engine 2016 Redistributable
 

Step 3: Run the installer

If the installer fails with CVRUNTIME140.dll error, cancel the installation.
 

Obtain a valid CVRUNTIME140.dll and place the file in C:\Windows\System32
A copy of this file is attached to this article.

Run the installer again.
 

Step 4: Refresh the registry editor and verify that the drivers are correctly installed

Step 5: Create and XLS file that contains your users 

A sample XLS file is attached to this article. 

• This file contains 2 sheets "MyUsers" and "Attributes" - they can be renamed to fit your naming convention.
• The first sheet contains 2 columns: "userid" and "name" Those names are important and mandatory. Do not change them, or the import will fail.
• The second sheet contains 3 columns "userid", "type" and "value"

Step 6: Create a new UDC (Select "Excel (via ODBC)")

• Navigate to your User Directory Connector in the Qlik Sense Management Console
• Create a new connection: Excel (via ODBC)
• Untick the checkbox "Sync user data for existing users"
• "User table Name" must match your first sheet ("[MyUsers$]" here)
• "Attribute table name" must match the second sheet ("[Attributes$]" here)
• Modify the connection string to point to your xls file "DRIVER={Microsoft Excel Driver (*.xls, *.xlsx, *.xlsm, *.xlsb)};DBQ=C:\temp\SomeUsers.xls"

Step 7: Validate and check in the logs

The below should be logged: 

Step 8: Sync the UDC and check in the logs

Step 9: In the QMC > users

Verify that the users have been added
 

The Attributes are reflected in the user's properties
 

Errors you may find in the C:\ProgramData\Qlik\Sense\Log\Repository\Trace\<SERVER>_UserManagement_Repository.txt
 

==> Verify step 5 ; names "name" and "userid" of the columns is important, you cannot change them

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

***Changes must be made to all Qlik servers that will not be provided with internet access.***

For servers not connected to the internet, they may be prompted with a pop-up error when browsing in the Hub or in the Data Load Editor with the following errors:

• The Hub has continuous bubbles while loading forever
• The Hub is stuck on the initial loading bar

Browser Debug tools may display the following error in the console:

Cause:

This was originally defined as an issue with the Qlik Sense DataMarket connector executable, which is cryptography signed for authenticity verification, and the .NET Framework's verification procedure when launching an executable includes checking OCSP and Certificate Revocation List information, which means fetching it online if the system doesn't have a fresh cached copy locally.

Even without the QlikData Market being in use, the solutions provided can be deployed when encountering issues with Qlik Sense Enterprise Windows servers that have no internet access. Internet access is recommended.  
 

Resolution

Only deploy one of the below options.

Option 1 will persist through upgrades, whereas Option 2 would have to be reapplied after every Sense upgrade. 

Option 1:

1. Stop all Qlik Sense services on all nodes
2. Edit C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config
   1. If there is an empty <runtime/> tag, change it to

      <runtime>     
           <generatePublisherEvidence enabled="false"/>  
      </runtime>

   2. If there is no <runtime/> tag, add the below anywhere above the closing </configuration> tag.

      <runtime>
          <generatePublisherEvidence enabled="false"/> 
      </runtime>

   3. If the <runtime> section has existing content, add generatePublisherEvidence.

      <runtime>
        <some other key="value"/>
        <generatePublisherEvidence enabled="false"/>
      </runtime>

      Example:
      
3. Save machine.config
4. Repeat on all nodes (if applicable)
5. Start services on all nodes

Node.js comes bundled with Qlik Sense Enterprise on Windows. Its version depends on the Qlik Sense released currently installed.

How do I know which version of node.js is used by Qlik Sense?

You can verify the version of any of the third-party integrations Qlik Sense makes use of by:

• Using the Qlik Sense API and calling About Service API: thirdParty: Get, which returns details including information about copyright, version, licensing, and legal notices.
• Accessing the below URL in a browser, where qlikserver.domain.local is replaced with your Qlik Sense server hostname:
  

  https://qlikserver.domain.local/api/about/v1/thirdParty

How do I upgrade my version of node.js is used by Qlik Sense?

You may want to upgrade node.js, specifically in response to a security vulnerability. To do so, upgrade Qlik Sense Enterprise on Windows. When upgrading Qlik Sense, the currently installed node.exe will be replaced with the version Qlik Sense comes bundled with at this release.

Can I install or upgrade a separately installed instance of node.js?

Installing Qlik Sense installs node.exe side-by-side in the following location: C:\Program Files\Qlik\Sense\ServiceDispatcher\Node.

If you install node.js manually it will typically be installed in C:\Program Files\nodejs and the Windows environment variable will point to this location by default (i.e. running node -v to get the version will result in providing the version of node found in C:\Program Files\nodejs).

As Qlik Sense will not register any Windows environment variable for node.js, it will not tamper with any settings affecting already installed node.js instances. Therefore it is safe to upgrade your separate instance of Node.js.

Environment

• Qlik Sense Enterprise all versions

Related Content

Third-party and middleware software integrated with Qlik Sense Enterprise on Windows 

Qlik Direct Access Gateway (DAG) is shown as disconnected. 

The Windows server's time lags behind the Qlik Cloud tenant's timezone. 

Resolution

Address the time difference by aligning the Windows server's clock. If necessary, align it to a standard NTP service. 

Cause

Misaligned time. Without alignment, Qlik Direct Access Gateway will disconnect.

Environment

• Qlik Direct Access Gateway
• Qlik Cloud Analytics

In this article, we detail the 12 steps necessary to successfully configure Qlik Sense Enterprise on Windows after an Active Directory Domain name change or moving Qlik Sense to a new domain.

Depending on how you have configured your platform, not all the steps might be applicable. Before updating any hostname in Qlik Sense, make sure that the original value is using the old domain name. In some case, you may have configured “localhost” or the server name without any reference to the domain so there is no need in these cases to perform any update.

Environment

• Qlik Sense Enterprise on Windows 

Scenario

In this scenario we are updating a three-node environment running Qlik Sense February 2021:

The domain has been changed from DOMAIN.local to DOMAIN2.local

The servers mentioned below are already part of the new domain name DOMAIN2.local and their Fully Qualified Domain Name (FQDN) is already updated as followed:

• QlikServer1.domain.local to QlikServer1.domain2.local: Central node
• QlikServer2.domain.local to QlikServer2.domain2.local: Rim node
• QlikServer3.domain.local to QlikServer3.domain2.local:  Dedicated Postgres and hosting the Qlik shared folder

All Qlik Sense services have been stopped on every node.

Step 1: Update the Postgres Configuration File

The first step is to update the postgres.conf file to listen on the correct hostname

1. Open the postgres.conf (make sure to make a copy) under
   • C:\ProgramData\Qlik\Sense\Repository\PostgreSQL\<version> (for an environment running the native Qlik Sense Repository Database)
   • C:\Program Files\PostgreSQL\<version>\data (for an environment running a dedicated PostgreSQL database)
2. Search for the parameter listen_addresses and update the hostname value if required
   
   
   
   
3. Save the file, close it and start the Qlik Sense Repository Database or PosgresSQL service depending if you are using the native PostgreSQL or a dedicated instance

Step 2: Backup your Qlik Sense site

Before doing any further changes, it is important to take a backup of your Qlik Sense Platform

• Backing up a Qlik Sense site

Step 3: Rename Server Node in QSR database

Now we update the node names in the database with the new Fully Qualified Domain Name.

1. Connect to the Qlik Sense Database using Installing and Configuring PGAdmin4 to access the PostgreSQL
2. Open the QSR Database and navigate through Schemas -> public ->Tables
3. Right-click on ServerNodeConfiguration -> View/Edit Data -> All Rows
4. Modify the hostname of each node if required
   
   
   
   
5. Save by clicking on the below icon available in the toolbar
   
   
   
   
6. Close PGAdmin

Step 4: Rename User Directory for existing users

1. Connect to the Qlik Sense Database using Installing and Configuring PGAdmin4 to access the PostgreSQL
2. Right-click on the QSR Database and select “Query Tool”
3. Run the following query
   

   UPDATE public."Users"
   SET "UserDirectory" = 'DOMAIN2'
   WHERE "UserDirectory" = 'DOMAIN';​

4. Validate the change by running the following query
   

   SELECT * FROM public."Users"​

   
   The User Directory should be updated to the new domain:
   
   
   
   
5. Close PGAdmin

Step 5: Update Service Cluster configuration

1. On the central node run the program C:\Program Files\Qlik\Sense\Repository\Util\QlikSenseUtil\QlikSenseUtil.exe and Connect to Database
   
   
   
   
2. Once connected, click on Service cluster and then OK
3. Update the FQDN with the new domain if required and press Save
   
   
   
   
4. Close QlikSenseUtil.exe

Step 6: Update the repository Connection Strings

1. On the central node run the program C:\Program Files\Qlik\Sense\Repository\Util\QlikSenseUtil\QlikSenseUtil.exe
2. Select Connection String Editor and click on Read
3. Update the FQDN with the new domain if required and press Save Value in config file encrypted
   
   
   
   
4. Close QlikSenseUtil.exe
5. Repeat the above steps on every rim node

Step 7: Update the dispatcher services connection strings

Verify if a hostname update is required

1. On the central node, open File Explorer and navigate to C:\Program Files\Qlik\Sense\Licenses and open the appsetting.json
2. Check if the parameter host contains the old domain name. If it does then you need to follow the below steps to update it otherwise you can jump to the next section

Update hostname on all Qlik Sense Dispatcher subservices

1. Search for the file called Configure-Service.ps1
   
   In Qlik Sense February, there are 8 of these files placed in different Qlik Sense Dispatcher sub-services. We need to run each of these files with a specific argument. In the previous or later version of Qlik Sense, the list presented below may need to be adapted.
   
   
2. Run the following command in PowerShell ISE as Administrator
   

   cd "C:\Program Files\Qlik\Sense\NLAppSearch\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\AppDistributionService"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\HybridDeploymentService"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\Licenses"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\NotifierService\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\MobilityRegistrarService\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\PrecedentsService\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\DataPrepService\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>

3. Repeat the above steps on every node (Including the verification)

Step 8: Update the Qlik Logging Service

If you are using the Qlik Logging Service;

1. Run the following command in Command Prompt:
   

   cd "C:\Program Files\Qlik\Sense\Logging"
   Qlik.Logging.Service.exe validate​

2. If you get something like:
   
   Failed to validate logging database. Database does not exist or is an invalid version.
   
   Then it probably means that the hostname needs to be updated
   
   
3. If so, run the following command in Command Prompt:
   

   cd "C:\Program Files\Qlik\Sense\Logging"
   Qlik.Logging.Service.exe update -h QlikServer3.domain2.local​

4. Once done, run the validate command again to verify that the connectivity is working
   
   
   
   
5. Repeat the above steps on every rim node

Step 9: Update the service account running the Qlik Sense services

1. On the central node, open the Windows Service Console an update each Qlik Sense services with the new domain (DO NOT START THE SERVICE AT THIS POINT)
   
   
   
   
2. Repeat the above step on every rim node

Step 10: Update the host.cfg and remove the certificate

1. On the central node login as the service account
2. Backup the Qlik Sense certificate following Backing up certificates
3. Remove the certificate you have previous backed up from the MMC
4. Make a copy of %ProgramData%\Qlik\Sense\Host.cfg and rename the copy to Host.cfg.old
   • Host.cfg contains the hostname encoded in base64. You can generate this string for the new hostname using a site such as https://www.base64encode.org/ (You may want to decode the original string to see if it contains the old domain name.
5. Open Host.cfg and replace the content with the new encoded hostname.
6. Run Windows Command Prompt as Administrator and execute the following command:
   

   "C:\Program Files\Qlik\Sense\Repository\Repository.exe" -bootstrap -iscentral -restorehostname​

7. In parallel start the Qlik Sense Dispatcher services
8. When the command has completed successfully you should see the following message in command prompt:
   
   Bootstrap mode has terminated. Press ENTER to exit..
   
   
9. Start every Qlik Sense services on the central node and try to access the QMC with https://localhost/qmc

Step 11: Distribute the certificate on the rim node(s)

1. On the rim node(s) login as the service account
2. Backup the Qlik Sense certificate following Backing up certificates
3. Remove the certificate you have previous backed up from the MMC
4. Start the Qlik Sense services
5. On the central node, open the QMC and go to Nodes
6. After a few minutes the rim node should have the status The certificates has not been installed
   
   
   
   
7. Click on Redistribute and follow the instructions to redistribute the certificates on the rim node(s)
8. After a few minutes, the services should be running
   
   

Step 12: Additional updates

User Directory Connector

If you are syncing your users with a User Directory Connector you will need to change the LDAP path to point to the new domain.

1. In the QMC -> User Directory Connector
2. Edit your existing User Directory Connector, check the LDAP Path and update if necessary
   
   

Monitoring Application

You will need to update the monitoring apps and their associated data connection to use the new Fully Qualified Domain Name

• Configuring the Monitoring apps

Data Connections password

• Part of the steps followed earlier, the certificates had to be recreated. As a result, the passwords for the existing data connection needs to be re-typed and saved for all Data Connections and User Directory Connectors that include password information.

Security Rules and Licenses rules

It is possible that you have created rules based on the User Directory. As you have changed the domain name, the user directory has also changed in Qlik Sense so you will need to update those to reflect that. 

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Scenario: A task with Sybase ASE as the Source and Confluent Kafka as the Destination.

Requirement: Create a new column with a unique identifier "UUID" to identify the message in Confluent Kafka.

Is there any customization in Qlik Replicate that allows the creation of a unique sequencer for each replicated record per table?

Resolution

The following transformation is provided as is. For more detailed customization assistance, post your requirement in the Qlik Replicate forum, where your knowledgeable Qlik peers and our active Support Agents can help. If you need direct assistance, contact Qlik's Consulting Services.

You can add a new column and hard-code it to a unique (random) value by using the Transform tab in Table Settings.

Example Expression Value: 

substr(lower(hex(randomblob(16))),1,8) || '-' || substr(lower(hex(randomblob(16))),9,4) || '-4' || substr(lower(hex(randomblob(16))),13,3) || '-' || substr('89ab', abs(random()) % 4 + 1, 1) || substr(lower(hex(randomblob(16))),17,3) || '-' || substr(lower(hex(randomblob(16))),21,12)

For more information on transformations, see Defining transformations for a single table/view.

Environment

• Qlik Replicate

In processing step, under Lineage, you may unable to select the "Allow Lineage collection of this task" check box to enable it when creating  or editing your task in Talend Management Console.

Resolution

To verify your Qlik Talend Cloud License Type

1. Open the Qlik Talend Management Console
2. Go to Subscriptions Tab
3. Go to License Type

Cause

The reason of "Allow Lineage collection of this task" option is not visible when creating tasks in Qlik Talend Management Console is due to the type of license currently in use. The Lineage feature is only available with the Qlik Talend Cloud Enterprise Edition or Qlik Talend Cloud Premium Edition licenses.

Related Content

For more details please find the links below

• Enabling-lineage-collection
• Subscription-options-QTC.htm

Environment

• Talend Cloud 
• Talend Studio 

Qlik Sense Enterprise on Windows facilitates the export of an Audit from the Qlik Sense Management Console. See Exporting audit query results.

This export works as expected unless the Audit result is filtered by one app and one user. If only one user and one app are used in the filter, the resulting Excel file is empty.

Resolution

This is a known defect (QCB-32416), which is expected to be fixed in a future release. Review the Qlik Sense Enterprise on Windows Release Notes for details.

Workaround:

Filter by more than one app and one user.

Internal Investigation ID(s)

Product Defect ID: QCB-32416

Environment

• Qlik Sense Enterprise on Windows May 2025 up to Patch 4
• Qlik Sense Enterprise on Windows November 2024 up to Patch 16

After upgrading to Qlik Sense Enterprise on Windows May 2023 (or later), the Qlik Sense Repository Service may cause CPU usage spikes on the central node. In addition, the central Engine node may show an increased average RAM consumption while a high volume of reloads is being executed. 

The Qlik Sense System_Repository log file will read:

"API call to Engine service was successful: The retrieved 'StaticByteSize' value for app 'App-GUID' is: 'Size in bytes' bytes." 

Default location of log: C:\ProgramData\Qlik\Sense\Log\Repository\Trace\[Server_Name]_System_Repository.txt

This activity is associated with the ability to see the Base memory size in the Qlik Sense Enterprise Management Console. See Show base memory size of apps in QMC.

Resolution

The feature to see Base memory size can be disabled. This may require an upgrade and will require downtime as configuration files need to be changed.

Take a backup of your environment before proceeding.

1. Verify the version you are using and verify that you are at least on one of the versions (and patches) listed: 
   
   
   • May 2023 Patch 13
   • August 2023 Patch 10
   • November 2023 Patch 4 
   • February 2024 IR
     
2. Back up the following files:
   
   
   • C:\Program Files\Qlik\Sense\CapabilityService\capabilities.json
   • C:\Program Files\Qlik\Sense\Repository\Repository.exe.config
     
     *where C:\Program Files can be replaced by your custom installation path.
     
     
3. Stop the Qlik Sense Repository Service and the Qlik Sense Dispatcher Service
   
4. Open and edit the capabilities.json with a text editor (using elevated permissions)
   1. Open C:\Program Files\Qlik\Sense\CapabilityService\capabilities.json
   2. Locate: "enabled": true,"flag": "QMCShowAppSize"
   3. Change this to: "enabled": false,"flag": "QMCShowAppSize"
   4. Save the file  
5. Open and edit the repository.exe.config with a text editor (using elevated permissions)
   1. Open C:\Program Files\Qlik\Sense\Repository\Repository.exe.config
   2. Locate: </appSettings>
   3. Before the </appSettings> closing statement, add:
      <add key="AppStaticByteSizeUpdate.Enable" value="false"/>
   4. Save
6. Start all Qlik Sense services
7. Verify you can access the Management Console

If any issues occur, revert the changes by restoring the backed up files and open a ticket with Support providing the changed versions of repository.exe.config, capabilities.json mentioning this article. 

Related Content

Show base memory size of apps in QMC

Internal Investigation:

QB-22795
QB-24301

Environment

Qlik Sense Enterprise on Windows  May 2023, August 2023, November 2023, February 2024. 

Ever wanted to brand or customize the default Qlik Sense Login page?

The functionality exists, and it's really as simple as just designing your HTML page and 'POSTing' it into your environment.

We've all seen the standard Qlik Sense Login page, this article is all about customizing this page.

This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, reach out to our Professional Services or engage in our active Integrations forum.

To customize the page:

1. We highly recommend setting up a new virtual proxy with Forms so you don't impact any users that are using auto-login Windows auth.
   
   Example setup:
   
   Description: Custom Forms Page
   Prefix: customlogin
   Session cookie header-name: X-Qlik-Session-CustomLogin
   Windows authentication pattern: Forms
   
   
   
   
2. Once this is done, a good starting point is to download the default login page.
   
   You can open up your web developer tool of choice, go to the login page, and download the HTML response from the GET http://<server>/customlogin/internal_forms_authentication request. It should be roughly a 273 line .html file.
   
   
3. Once you have this file, you can more or less customize it as much as you'd like.
   
   Image files can be inlined as you'll see in the qlik default file, or can be referenced as long as they are publicly accessible. The only thing that needs to exist are the input boxes with appropriate classes and attributes, and the 'Log In' button.
   
   
4. After building out your custom HTML page and it looks great, it needs to be converted to Base64. There are online tools to do this, openssl also has this functionality.
   
   Once you have your Base64 encoded HTML file, then you will want to PUT it into your sense environment.
   
   
5. First, do a GET request on /qrs/proxyservice and find the ID of the proxy service you want this login page to be shown for.
   
   
6. You will then do a GET request on /qrs/proxyservice/<id> and copy the body of that response. Below is an example of that response.
   
   

   {
       "id": "8817d7ab-e9b2-4816-8332-f8cb869b27c2",
       "createdDate": "2020-03-23T15:39:33.540Z",
       "modifiedDate": "2020-05-20T18:46:13.995Z",
       "modifiedByUserName": "INTERNAL\\sa_api",
       "customProperties": [],
       "settings": {
           "id": "8817d7ab-e9b2-4816-8332-f8cb869b27c2",
           "createdDate": "2020-03-23T15:39:33.540Z",
           "modifiedDate": "2020-05-20T18:46:13.995Z",
           "modifiedByUserName": "INTERNAL\\sa_api",
           "listenPort": 443,
           "allowHttp": true,
           "unencryptedListenPort": 80,
           "authenticationListenPort": 4244,
           "kerberosAuthentication": false,
           "unencryptedAuthenticationListenPort": 4248,
           "sslBrowserCertificateThumbprint": "e6ee6df78f9afb22db8252cbeb8ad1646fa14142",
           "keepAliveTimeoutSeconds": 10,
           "maxHeaderSizeBytes": 16384,
           "maxHeaderLines": 100,
           "logVerbosity": {
               "id": "8817d7ab-e9b2-4816-8332-f8cb869b27c2",
               "createdDate": "2020-03-23T15:39:33.540Z",
               "modifiedDate": "2020-05-20T18:46:13.995Z",
               "modifiedByUserName": "INTERNAL\\sa_api",
               "logVerbosityAuditActivity": 4,
               "logVerbosityAuditSecurity": 4,
               "logVerbosityService": 4,
               "logVerbosityAudit": 4,
               "logVerbosityPerformance": 4,
               "logVerbositySecurity": 4,
               "logVerbositySystem": 4,
               "schemaPath": "ProxyService.Settings.LogVerbosity"
           },
           "useWsTrace": false,
           "performanceLoggingInterval": 5,
           "restListenPort": 4243,
           "virtualProxies": [
               {
                   "id": "58d03102-656f-4075-a436-056d81144c1f",
                   "prefix": "",
                   "description": "Central Proxy (Default)",
                   "authenticationModuleRedirectUri": "",
                   "sessionModuleBaseUri": "",
                   "loadBalancingModuleBaseUri": "",
                   "useStickyLoadBalancing": false,
                   "loadBalancingServerNodes": [
                       {
                           "id": "f1d26a45-b0dd-4be1-91d0-34c698e18047",
                           "name": "Central",
                           "hostName": "qlikdemo",
                           "temporaryfilepath": "C:\\Users\\qservice\\AppData\\Local\\Temp\\",
                           "roles": [
                               {
                                   "id": "2a6a0d52-9bb4-4e74-b2b2-b597fa4e4470",
                                   "definition": 0,
                                   "privileges": null
                               },
                               {
                                   "id": "d2c56b7b-43fd-44ad-a12f-59e778ce575a",
                                   "definition": 1,
                                   "privileges": null
                               },
                               {
                                   "id": "37244424-96ae-4fe5-9522-088a0e9679e3",
                                   "definition": 2,
                                   "privileges": null
                               },
                               {
                                   "id": "b770516e-fe8a-43a8-a7a4-318984ee4bd6",
                                   "definition": 3,
                                   "privileges": null
                               },
                               {
                                   "id": "998b7df8-195f-4382-af18-4e0c023e7f1c",
                                   "definition": 4,
                                   "privileges": null
                               },
                               {
                                   "id": "2a5325f4-649b-4147-b0b1-f568be1988aa",
                                   "definition": 5,
                                   "privileges": null
                               }
                           ],
                           "serviceCluster": {
                               "id": "b07fc5f2-f09e-4676-9de6-7d73f637b962",
                               "name": "ServiceCluster",
                               "privileges": null
                           },
                           "privileges": null
                       }
                   ],
                   "authenticationMethod": 0,
                   "headerAuthenticationMode": 0,
                   "headerAuthenticationHeaderName": "",
                   "headerAuthenticationStaticUserDirectory": "",
                   "headerAuthenticationDynamicUserDirectory": "",
                   "anonymousAccessMode": 0,
                   "windowsAuthenticationEnabledDevicePattern": "Windows",
                   "sessionCookieHeaderName": "X-Qlik-Session",
                   "sessionCookieDomain": "",
                   "additionalResponseHeaders": "",
                   "sessionInactivityTimeout": 30,
                   "extendedSecurityEnvironment": false,
                   "websocketCrossOriginWhiteList": [
                       "qlikdemo",
                       "qlikdemo.local",
                       "qlikdemo.paris.lan"
                   ],
                   "defaultVirtualProxy": true,
                   "tags": [],
                   "samlMetadataIdP": "",
                   "samlHostUri": "",
                   "samlEntityId": "",
                   "samlAttributeUserId": "",
                   "samlAttributeUserDirectory": "",
                   "samlAttributeSigningAlgorithm": 0,
                   "samlAttributeMap": [],
                   "jwtAttributeUserId": "",
                   "jwtAttributeUserDirectory": "",
                   "jwtAudience": "",
                   "jwtPublicKeyCertificate": "",
                   "jwtAttributeMap": [],
                   "magicLinkHostUri": "",
                   "magicLinkFriendlyName": "",
                   "samlSlo": false,
                   "privileges": null
               },
               {
                   "id": "a8b561ec-f4dc-48a1-8bf1-94772d9aa6cc",
                   "prefix": "header",
                   "description": "header",
                   "authenticationModuleRedirectUri": "",
                   "sessionModuleBaseUri": "",
                   "loadBalancingModuleBaseUri": "",
                   "useStickyLoadBalancing": false,
                   "loadBalancingServerNodes": [
                       {
                           "id": "f1d26a45-b0dd-4be1-91d0-34c698e18047",
                           "name": "Central",
                           "hostName": "qlikdemo",
                           "temporaryfilepath": "C:\\Users\\qservice\\AppData\\Local\\Temp\\",
                           "roles": [
                               {
                                   "id": "2a6a0d52-9bb4-4e74-b2b2-b597fa4e4470",
                                   "definition": 0,
                                   "privileges": null
                               },
                               {
                                   "id": "d2c56b7b-43fd-44ad-a12f-59e778ce575a",
                                   "definition": 1,
                                   "privileges": null
                               },
                               {
                                   "id": "37244424-96ae-4fe5-9522-088a0e9679e3",
                                   "definition": 2,
                                   "privileges": null
                               },
                               {
                                   "id": "b770516e-fe8a-43a8-a7a4-318984ee4bd6",
                                   "definition": 3,
                                   "privileges": null
                               },
                               {
                                   "id": "998b7df8-195f-4382-af18-4e0c023e7f1c",
                                   "definition": 4,
                                   "privileges": null
                               },
                               {
                                   "id": "2a5325f4-649b-4147-b0b1-f568be1988aa",
                                   "definition": 5,
                                   "privileges": null
                               }
                           ],
                           "serviceCluster": {
                               "id": "b07fc5f2-f09e-4676-9de6-7d73f637b962",
                               "name": "ServiceCluster",
                               "privileges": null
                           },
                           "privileges": null
                       }
                   ],
                   "authenticationMethod": 1,
                   "headerAuthenticationMode": 1,
                   "headerAuthenticationHeaderName": "userid",
                   "headerAuthenticationStaticUserDirectory": "QLIKDEMO",
                   "headerAuthenticationDynamicUserDirectory": "",
                   "anonymousAccessMode": 0,
                   "windowsAuthenticationEnabledDevicePattern": "Windows",
                   "sessionCookieHeaderName": "X-Qlik-Session-Header",
                   "sessionCookieDomain": "",
                   "additionalResponseHeaders": "",
                   "sessionInactivityTimeout": 30,
                   "extendedSecurityEnvironment": false,
                   "websocketCrossOriginWhiteList": [
                       "qlikdemo",
                       "qlikdemo.local"
                   ],
                   "defaultVirtualProxy": false,
                   "tags": [],
                   "samlMetadataIdP": "",
                   "samlHostUri": "",
                   "samlEntityId": "",
                   "samlAttributeUserId": "",
                   "samlAttributeUserDirectory": "",
                   "samlAttributeSigningAlgorithm": 0,
                   "samlAttributeMap": [],
                   "jwtAttributeUserId": "",
                   "jwtAttributeUserDirectory": "",
                   "jwtAudience": "",
                   "jwtPublicKeyCertificate": "",
                   "jwtAttributeMap": [],
                   "magicLinkHostUri": "",
                   "magicLinkFriendlyName": "",
                   "samlSlo": false,
                   "privileges": null
               }
           ],
           "formAuthenticationPageTemplate": "",
           "loggedOutPageTemplate": "",
           "errorPageTemplate": "",
           "schemaPath": "ProxyService.Settings"
       },
       "serverNodeConfiguration": {
           "id": "f1d26a45-b0dd-4be1-91d0-34c698e18047",
           "name": "Central",
           "hostName": "qlikdemo",
           "temporaryfilepath": "C:\\Users\\qservice\\AppData\\Local\\Temp\\",
           "roles": [
               {
                   "id": "2a6a0d52-9bb4-4e74-b2b2-b597fa4e4470",
                   "definition": 0,
                   "privileges": null
               },
               {
                   "id": "d2c56b7b-43fd-44ad-a12f-59e778ce575a",
                   "definition": 1,
                   "privileges": null
               },
               {
                   "id": "37244424-96ae-4fe5-9522-088a0e9679e3",
                   "definition": 2,
                   "privileges": null
               },
               {
                   "id": "b770516e-fe8a-43a8-a7a4-318984ee4bd6",
                   "definition": 3,
                   "privileges": null
               },
               {
                   "id": "998b7df8-195f-4382-af18-4e0c023e7f1c",
                   "definition": 4,
                   "privileges": null
               },
               {
                   "id": "2a5325f4-649b-4147-b0b1-f568be1988aa",
                   "definition": 5,
                   "privileges": null
               }
           ],
           "serviceCluster": {
               "id": "b07fc5f2-f09e-4676-9de6-7d73f637b962",
               "name": "ServiceCluster",
               "privileges": null
           },
           "privileges": null
       },
       "tags": [],
       "privileges": null,
       "schemaPath": "ProxyService"
   }

    

7. In the response, locate the formAuthenticationPageTemplate field
   
   
8. You can then take your base64 encoded HTML file, paste the value into the formAuthenticationPageTemplate field. 
   
   Example:
   
   "formAuthenticationPageTemplate": "BASE 64 ENCODED HTML HERE",
   
   Once you have an updated body, you can use the PUT verb (with an updated modifiedDate) to PUT this body back into the repository. Once this is done, you should be able to goto your virtual proxy and you should see your new login page (very Qlik branded in this example):
   
   
   
   

If your login page does not work and you need to revert back to the default, simply do a GET call on your proxy service, and set formAuthenticationPageTemplate back to an empty string:

formAuthenticationPageTemplate": ""

Environment:

Qlik Sense Enterprise on Windows 

The following article describes how to use Postman to make GET and PUT requests and verify the JSON output.

Prerequisites

• In this example, Postman resides outside the Qlik Sense servers, so the certificates need to be exported to make the API calls. Export the Certificates selecting "Platform independent PEM-format", the following article can be used as a reference, just make sure to select "Platform independent PEM-format" instead. Export client certificate and root certificate to make API calls
• For best practices, the user utilized for this sample is not the Service Account.
• It is necessary to create a new Tag in the QMC so we can later use it to add it to an existing object.
• Download Postman 
• This exercise was implemented using Qlik Sense April 2020 (13.72.3)

Environment:

• Qlik Sense Enterprise on Windows

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Resolution

Steps

1. Copy the Certificates to the server/computer where Postman is used.

2. Open Postman and go to menu "Settings" , In the General tab set "SSL certificate verification" to Off, In the Certificates Tab select "add Certificate" and set the path to the exported certs. The CRT file path will correspond to the path where the client.pem certificate resides, the Key file to the cleint_key.pem
   
   
   
   

Now Postman is ready to be used, this article describes how to make a GET and PUT request to add a tag to a sheet.

It is suggested to visit our Help site to verify the documentation about the API, in this case we will use

get /app/object/{id}
put /app/object/{id}

The URL would be
https://qlikserver1.domain.local:4242/qrs/app/object/aa73b22a-c933-4c26-aa2b-1e0947d708ab?xrfkey=12345678qwertyui
[Server] + [API end point] + [xrfkey]

The necessary headers would be :
X-Qlik-xrfkey = 12345678qwertyui
(this value needs to be the same provided in the URL xrfkey), for questions about xrfkey headers please refer to the following information: Using Xrfkey headers
X-Qlik-User = UserDirectory=DOMAIN;UserId=Administrator (this value would be the user to make the API calls)

Note that Postman will include xrfkey in the parameters section once the URL is pasted in the GET response.

Please refer to the following pictures to verify the configurations are correct.

GET

Postman Headers

Once is configured you can click the "Send" button, the Response will look like this:

PUT

In order to send the PUT method it is necessary to copy the JSON Response from the previous GET call and modify the necessary information, this need to be done carefully otherwise the request will return an error. The details can be found In our Qlik Site under "Updating an entry" section included here.

Sample (It will be necessary to include a comma if there are already tags associated to the object)

      {
            "id": "376e0283-3e5b-4968-bc55-2a19c4ba3b17",
            "name": "Tag3",
            "privileges": null
        }

Please refer to the following pictures to verify that the configurations are correct

PUT Header

PUT Body

Once the information is correct, select the "Send" button, and you should get a 200 OK Status.

We can verify the chances in the Qlik Sense Management Console, now the tag shows 1 Occurrence and the sheet shows the new tag.

When using Talend Administration Center, you may encounter the following message

Error: License token will expire in xx days

This message refers to the license token expiring, not the license itself.

Resolution

Talend Administration Center has Internet access

• TAC automatically validates the license token.
• No manual action required.

Talend Administration Center has no Internet access

If TAC does not have Internet connectivity, follow these steps

1. Go to Talend Administration Center page and click:
   • Validate your license manually OR
   • Generate Validation Request (button name depends on TAC version).
2. A popup window will display a validation link (e.g. https://www.talend.com/api/get_tis_validation_token_form.php).
3. Copy this link into a text file.
4. On a machine with Internet access:
   • Paste the link into a browser.
   • Retrieve the validation token (e.g. 5xEfMp1ozPyiDTTUqzUHI8K3Xuvqx/iipc+).
5. Return to TAC on the offline system.
6. In the popup window:
   • Paste the validation token.
   • Click Enter validation token.

Your license token is now validated manually.

Cause

Talend Administration Center (TAC) requires an Internet connection during license token validation and the license token must be periodically validated.

• If TAC has Internet access, the token is validated automatically.
• If TAC does not have Internet access, you must manually validate the license token.

Related Content 

• Refer to the generating-validation-request-without-internet-connection for more details.
• You can also configure notifications to alert administrators before the license token expiration date managing-notifications.

Summary

If TAC has Internet access, license token validation is automatic. If not, use the manual validation process by generating a request, retrieving the validation token from another machine, and pasting it back into TAC.

Environment

• Talend Administration Center 
• Talend Studio 

Environment

• Qlik Replicate 

If a Replicate task fails with the following error:

00008696: 2021-01-20T10:06:02:964052 [SOURCE_CAPTURE ]E: Cannot find archived REDO log with sequence '7204', thread '1' (oracdc_reader.c:412)

OR

00005624: 2020-06-02T17:05:23:665747 [SOURCE_CAPTURE ]E: Oracle CDC stopped [1022301] (oracdc_merger.c:1178)

Replicate is always reading V$archived_log to get the archived REDO information. The redo log needs to have an active/available status from the V$archived_log

Cause 

This means that Replicate is complaining that it cannot find the redo archive file.

Either

1. the Replicate Oracle Source Endpoint should be using a different Oracle DEST_ID;
2. the file does not exist on disk; or
3. the file exists but that the internal Oracle metadata in v$archived_log view says that it's not available.

The simplest explanation is that the redo log could just have been deleted before Replicate was able to process it.

Resolution

We recommend to at least keep it for 72 hours in case of unexpected weekend issues.

What you can do as well if you encounter an issue like this, is to restore the oracle redo log and then resume the task.

If the redo log cannot be restored, then you need to reload the entire task.

The event payloads emitted by the Qlik Cloud webhooks service are changing. Qlik is replacing a legacy event format with a new cloud event format.

Any legacy events (such as anything not already cloud event compliant) will be updated to a temporary hybrid event containing both legacy and cloud event payloads. This will start on or after November 3, 2025.

Please consider updating your integrations to use the new fields once added.

A formal deprecation with at least a 6-month notice will be provided via the Qlik Developer changelog. After that period, hybrid events will be replaced entirely by cloud events.

Webhook automations in Qlik Automate will not be impacted at this time.

Events impacted by this migration

The webhooks service in Qlik Cloud enables you to subscribe to notifications when your Qlik Cloud tenant generates specific events.

At the time of writing, the following legacy events are available:

Any events not listed above will remain as-is, as they already adhere to the cloud event format.

How are events changing

Each event will change to a new structure. The details included in the payloads will remain the same, but some attributes will be available in a different location.

The changes being made:

• All new property names will be lowercase, which may cause some duplication of existing properties within the data object.
• The following properties or objects will be updated:
  • cloudEventsVersion is replaced by specversion. For most events this will be from cloudEventsVersion: 0.1 to specversion: 1.0+.
  • contentType is replaced by datacontentype to describe the media type of the data object.
  • eventId is replaced by id.
  • eventTime is replaced by time.
  • eventTypeVersion is not present in the future schema.
  • eventType is replaced by type.
  • extensions.actor is replaced by authtype and authclaims.
  • extensions.updates is replaced by data._updates
  • extensions.meta, and any other direct objects on extensions are replaced by equivalents in data where relevant.
  • The direct properties of the extensions object will be moved to the root and renamed to be lowercase if needed, such astenantId,userId,spaceId, etc.

Example: Automation created event

This is the current legacy payload of the automation created event:

{
  "cloudEventsVersion": "0.1",
  "source": "com.qlik/automations",
  "contentType": "application/json",
  "eventId": "f4c26f04-18a4-4032-974b-6c7c39a59816",
  "eventTime": "2025-09-01T09:53:17.920Z",
  "eventTypeVersion": "1.0.0",
  "eventType": "com.qlik.v1.automation.created",
  "extensions": {
    "ownerId": "637390ef6541614d3a88d6c3",
    "spaceId": "685a770f2c31b9e482814a4f",
    "tenantId": "BL4tTJ4S7xrHTcq0zQxQrJ5qB1_Q6cSo",
    "userId": "637390ef6541614d3a88d6c3"
  },
  "data": {
    "connectorIds": {},
    "containsBillable": null,
    "createdAt": "2025-09-01T09:53:17.000000Z",
    "description": null,
    "endpointIds": {},
    "id": "cae31848-2825-4841-bc88-931be2e3d01a",
    "lastRunAt": null,
    "lastRunStatus": null,
    "name": "hello world",
    "ownerId": "637390ef6541614d3a88d6c3",
    "runMode": "manual",
    "schedules": {},
    "snippetIds": {},
    "spaceId": "685a770f2c31b9e482814a4f",
    "state": "available",
    "tenantId": "BL4tTJ4S7xrHTcq0zQxQrJ5qB1_Q6cSo",
    "updatedAt": "2025-09-01T09:53:17.000000Z"
  }
}

This will be the temporary hybrid event for automation created:

{
// cloud event fields
  "id": "f4c26f04-18a4-4032-974b-6c7c39a59816",
  "time": "2025-09-01T09:53:17.920Z",
  "type": "com.qlik.v1.automation.created",
  "userid": "637390ef6541614d3a88d6c3",
  "ownerid": "637390ef6541614d3a88d6c3",
  "tenantid": "BL4tTJ4S7xrHTcq0zQxQrJ5qB1_Q6cSo",
  "description": "hello world",
  "datacontenttype": "application/json",
  "specversion": "1.0.2",

// legacy event fields
  "eventId": "f4c26f04-18a4-4032-974b-6c7c39a59816",
  "eventTime": "2025-09-01T09:53:17.920Z",
  "eventType": "com.qlik.v1.automation.created",
  "extensions": {
    "userId": "637390ef6541614d3a88d6c3",
    "spaceId": "685a770f2c31b9e482814a4f",
    "ownerId": "637390ef6541614d3a88d6c3",
    "tenantId": "BL4tTJ4S7xrHTcq0zQxQrJ5qB1_Q6cSo",
  },
  "contentType": "application/json",
  "eventTypeVersion": "1.0.0",
  "cloudEventsVersion": "0.1",
  
// unchanged event fields
  "data": {
    "connectorIds": {},
    "containsBillable": null,
    "createdAt": "2025-09-01T09:53:17.000000Z",
    "description": null,
    "endpointIds": {},
    "id": "cae31848-2825-4841-bc88-931be2e3d01a",
    "lastRunAt": null,
    "lastRunStatus": null,
    "name": "hello world",
    "ownerId": "637390ef6541614d3a88d6c3",
    "runMode": "manual",
    "schedules": {},
    "snippetIds": {},
    "spaceId": "685a770f2c31b9e482814a4f",
    "state": "available",
    "tenantId": "BL4tTJ4S7xrHTcq0zQxQrJ5qB1_Q6cSo",
    "updatedAt": "2025-09-01T09:53:17.000000Z"
  },
  "source": "com.qlik/automations"
}

Timeline

• November 3, 2025: Hybrid events start emitting (combined legacy and cloud event payloads).
• At least 6 months after a formal deprecation notice: Legacy fields will be removed, leaving fully cloud events only.

Environment

• Qlik Cloud
• Qlik Cloud Government