Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Qlik offers a wide range of channels to assist you in troubleshooting, answering frequently asked questions, and getting in touch with our technical experts. In this article, we guide you through all available avenues to secure your best possible experience.
For details on our terms and conditions, review the Qlik Support Policy.
Index:
We're happy to help! Here's a breakdown of resources for each type of need.
Support | Professional Services (*) | |
Reactively fixes technical issues as well as answers narrowly defined specific questions. Handles administrative issues to keep the product up-to-date and functioning. | Proactively accelerates projects, reduces risk, and achieves optimal configurations. Delivers expert help for training, planning, implementation, and performance improvement. | |
|
|
(*) reach out to your Account Manager or Customer Success Manager
Your first line of support: https://community.qlik.com/
Looking for content? Type your question into our global search bar:
Leverage the enhanced and continuously updated Knowledge Base to find solutions to your questions and best practice guides. Bookmark this page for quick access!
Subscribe to maximize your Qlik experience!
The Support Updates Blog
The Support Updates blog delivers important and useful Qlik Support information about end-of-product support, new service releases, and general support topics. (click)
The Qlik Design Blog
The Design blog is all about product and Qlik solutions, such as scripting, data modelling, visual design, extensions, best practices, and more! (click)
The Product Innovation Blog
By reading the Product Innovation blog, you will learn about what's new across all of the products in our growing Qlik product portfolio. (click)
Q&A with Qlik
Live sessions with Qlik Experts in which we focus on your questions.
Techspert Talks
Techspert Talks is a free webinar to facilitate knowledge sharing held on a monthly basis.
Technical Adoption Workshops
Our in depth, hands-on workshops allow new Qlik Cloud Admins to build alongside Qlik Experts.
Qlik Fix
Qlik Fix is a series of short video with helpful solutions for Qlik customers and partners.
Suggest an idea, and influence the next generation of Qlik features!
Search & Submit Ideas
Ideation Guidelines
Get the full value of the community.
Register a Qlik ID:
Incidents are supported through our Chat, by clicking Chat Now on any Support Page across Qlik Community.
To raise a new issue, all you need to do is chat with us. With this, we can:
Log in to manage and track your active cases in the Case Portal. (click)
Please note: to create a new case, it is easiest to do so via our chat (see above). Our chat will log your case through a series of guided intake questions.
When creating a case, you will be prompted to enter problem type and issue level. Definitions shared below:
Select Account Related for issues with your account, licenses, downloads, or payment.
Select Product Related for technical issues with Qlik products and platforms.
If your issue is account related, you will be asked to select a Priority level:
Select Medium/Low if the system is accessible, but there are some functional limitations that are not critical in the daily operation.
Select High if there are significant impacts on normal work or performance.
Select Urgent if there are major impacts on business-critical work or performance.
If your issue is product related, you will be asked to select a Severity level:
Severity 1: Qlik production software is down or not available, but not because of scheduled maintenance and/or upgrades.
Severity 2: Major functionality is not working in accordance with the technical specifications in documentation or significant performance degradation is experienced so that critical business operations cannot be performed.
Severity 3: Any error that is not Severity 1 Error or Severity 2 Issue. For more information, visit our Qlik Support Policy.
If you require a support case escalation, you have two options:
When other Support Channels are down for maintenance, please contact us via phone for high severity production-down concerns.
A collection of useful links.
Qlik Cloud Status Page
Keep up to date with Qlik Cloud's status.
Support Policy
Review our Service Level Agreements and License Agreements.
Live Chat and Case Portal
Your one stop to contact us.
All candidates can review their exam history and score reports by logging into Pearson VUE and utilizing the “My Account” menu.
Qlik is partnering with Credly to provide digital badges and certificates for our Qlik Product Certifications. 24-48 hours after you pass your exam, you will receive an email from Credly. Follow the instructions in the email to accept your digital badge and access your certificate.
If you experience issues while accepting your digital badge, please contact Credly support.
More information, see: Certifications and Qualificiations
Please note that due to changes in how browsers handle third-party cookies, you may wish to instead leverage the new qlik-embed framework with OAuth2 for your embedding needs, rather than the guidance in this tutorial.
In Qlik Cloud Services (Qlik Sense Enterprise SaaS), it is possible to get the iFrame HTML code to embed a chart in a webpage by right-clicking that chart and choosing "embed chart".
However, just placing this code on a web page is not sufficient to handle the authentication part.
The information provided in this article provides an example of how this can be achieved. Further customization is likely necessary. For assistance, join our active community in the Integrations and Extensions forum or contact our Consulting Services for an engagement.
Environments:
The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
<script type="text/javascript">
const webIntegrationId = "g-yrbnOz9wV5-YnIqYLZMgfAxf_iKg30";
function login() {
function isLoggedIn() {
return fetch("https://yourtenant.eu.qlikcloud.com/api/v1/users/me", {
method: 'GET',
mode: 'cors',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
'qlik-web-integration-id': webIntegrationId,
},
}).then(response => {
return response.status === 200;
});
}
return isLoggedIn().then(loggedIn => {
if (!loggedIn) {
// check login
window.top.location.href = "https://yourtenant.eu.qlikcloud.com/login?qlik-web-integration-id=" + webIntegrationId + "&returnto=" + top.location.href;
throw new Error('not logged in');
}
});
}
login()
</script>
</head>
<body style="height:600px;">
<iframe
src="https://yourtenant.eu.qlikcloud.com/single/?appid=9539b869-1c84-4e6d-9129-4c5b031ca88a&obj=WJhPv&opt=ctxmenu,currsel"
style="border:none;width:100%;height:100%;"></iframe>
</body>
</html>
const webIntegrationID = "IDGOESHERE";
<iframe>src="linktotheobjecthere"></iframe>
After upgrading to v8-R2025-01/02, a Talend Job containing both tRest and tRestClient components encounters an error as shown below:
- javax.ws.rs.client cannot be resolved to a type
- The type javax.ws.rs.client.ClientBuilder cannot be resolved. It is indirectly referenced from required type org.glassfish.jersey.client.JerseyClientBuilder
- javax.ws.rs.client.WebTarget cannot be resolved to a type
- javax.ws.rs.core.Response cannot be resolved to a type
- javax.ws.rs.client.Invocation cannot be resolved to a type
- javax.ws.rs.WebApplicationException cannot be resolved to a type
When tRest and tRestClient components are used together within a Job, a conflict arises in the implementation of the Rest API.
To resolve this issue, a temporary workaround as shown below is to use tLibraryLoad to load external jar files in the beginning of Job:
tPrejob --onComponentOK-> tLibrary (javax.ws.rs-api-2.1.jar) --onComponentOK-> tLibrary (javax.annotation-api-1.3.2.jar)
Note: If the aforementioned workaround proves effective, kindly remember to remove the tLibraryLoad components after installing the Studio v8-R2025-03 patch.
Alternatively, apply the Studio v8-R2025-03 patch.
QTDI-1208
QTDI-1300
Qlik Cloud is a modern analytics and data platform built on the same software engine as QlikView and Qlik Sense Client-Managed and adds significant value to empower everyone in an organization to make better decisions daily. Qlik Cloud allows you to use one common platform for all users – executives, decision-makers, and analysts.
Navigation:
Migrating to Qlik Cloud can help your organization:
Q&A with Qlik: Qlik Sense Migration to Qlik Cloud
Articles relevant to migration and new Qlik Cloud users
This site provides you the tools to monitor, manage, and execute a migration from Client-Managed Qlik Sense to Qlik Cloud.
Index and home
Planning your migration
Setting up the Qlik Cloud migration tools
Create and configure a cloud tenant
This site provides you the tools to begin your journey to move from QlikView to Qlik Sense and Qlik Cloud.
This Techspert Talks session covers:
- What to plan for
- Migration Pathways
- Cloud Best Practices
Chapters:
Resources:
A talend Job is experiencing a tGoogleDriveGet permission issue during credential file initialization in Talend Administration Center Application. It works well in side of Talend Studio.
Here is the error log below:
[ERROR] 15:55:50 org.talend.components.google.drive.runtime.GoogleDriveGetRuntime- D:\GDCredential\InterflourGDrive
[FATAL] 15:55:50 id_distributor_sellout.copy_of_getfile_v3__manohara_0_3.Copy_of_GetFile_V3__Manohara- tGoogleDriveGet_6 UNEXPECTED_EXCEPTION
org.talend.components.api.exception.ComponentException: UNEXPECTED_EXCEPTION
at org.talend.components.google.drive.runtime.GoogleDriveGetRuntime.getFile(GoogleDriveGetRuntime.java:87) ~[components-googledrive-runtime-0.37.42.jar:?]
at org.talend.components.google.drive.runtime.GoogleDriveGetRuntime.runAtDriver(GoogleDriveGetRuntime.java:60) ~[components-googledrive-runtime-0.37.42.jar:?]
at id_distributor_sellout.copy_of_getfile_v3__manohara_0_3.Copy_of_GetFile_V3__Manohara.tGoogleDriveGet_6Process(Copy_of_GetFile_V3__Manohara.java:673) [copy_of_getfile_v3__manohara_0_3.jar:?]
at id_distributor_sellout.copy_of_getfile_v3__manohara_0_3.Copy_of_GetFile_V3__Manohara$5.run(Copy_of_GetFile_V3__Manohara.java:2429) [copy_of_getfile_v3__manohara_0_3.jar:?]
Caused by: java.nio.file.AccessDeniedException: D:\Simon_Folder\GDCredential\InterflourGDrive
at sun.nio.fs.WindowsAclFileAttributeView.getFileSecurity(WindowsAclFileAttributeView.java:89) ~[?:?]
at sun.nio.fs.WindowsAclFileAttributeView.getOwner(WindowsAclFileAttributeView.java:122) ~[?:?]
at sun.nio.fs.FileOwnerAttributeViewImpl.getOwner(FileOwnerAttributeViewImpl.java:91) ~[?:?]
at com.google.api.client.util.store.FileDataStoreFactory.setPermissionsToOwnerOnlyWindows(FileDataStoreFactory.java:160) ~[google-http-client-1.38.0.jar:1.38.0]
at com.google.api.client.util.store.FileDataStoreFactory.<init>(FileDataStoreFactory.java:80) ~[google-http-client-1.38.0.jar:1.38.0]
at org.talend.components.google.drive.runtime.client.GoogleDriveCredentialWithInstalledApplication$Builder.<init>(GoogleDriveCredentialWithInstalledApplication.java:91) ~[components-googledrive-runtime-0.37.42.jar:?]
at org.talend.components.google.drive.runtime.client.GoogleDriveCredentialWithInstalledApplication$BuilderWithIdAndSecret.<init>(GoogleDriveCredentialWithInstalledApplication.java:128) ~[components-googledrive-runtime-0.37.42.jar:?]
at org.talend.components.google.drive.runtime.client.GoogleDriveCredentialWithInstalledApplication.builderWithIdAndSecret(GoogleDriveCredentialWithInstalledApplication.java:42) ~[components-googledrive-runtime-0.37.42.jar:?]
at org.talend.components.google.drive.runtime.GoogleDriveRuntime.getCredential(GoogleDriveRuntime.java:164) ~[components-googledrive-runtime-0.37.42.jar:?]
at org.talend.components.google.drive.runtime.GoogleDriveRuntime.getDriveService(GoogleDriveRuntime.java:178) ~[components-googledrive-runtime-0.37.42.jar:?]
at org.talend.components.google.drive.runtime.GoogleDriveRuntime.getDriveUtils(GoogleDriveRuntime.java:186) ~[components-googledrive-runtime-0.37.42.jar:?]
at org.talend.components.google.drive.runtime.GoogleDriveGetRuntime.getFile(GoogleDriveGetRuntime.java:66) ~[components-googledrive-runtime-0.37.42.jar:?]
... 3 more
Ensure that the credential file owner matches the user who are running Jobserver to prevent permission access exceptions.
Please use the following command to set owner in Windows
icacls D:\GDCredential /setowner "SYSTEM" /t /l
The Error logs indicates that when tGoogleDriveGet component initializes the credential file, the new API design will verify the owner and modify ACL permissions. Since the credential file was configured using a non-Jobserver-running user, a permission exception occurs.
com.google.api.client.util.store.FileDataStoreFactory.setPermissionsToOwnerOnlyWindows
FileOwnerAttributeViewImpl.getOwner
Qlik Answers is Qlik's personalized AI assistant that generates on-point answers from your own trusted business content. See this article to learn how to get started with Qlik Answers
This connector unlocks new powerful use cases like indexing new data ad-hoc and taking your action oriented automations to the next level by including unstructured insights. This article explains how the Qlik Answers connector in Qlik Application Automation can be used.
Article contents
This connector does not require additional configuration to authenticate, it will automatically connect to the automation owner's Qlik account. Whenever blocks of this connector are executed, they will use that account.
For this connector's first release, we will introduce blocks that can re-index knowledge bases and ask questions to an assistant. We will deliver more blocks in future releases, do not hesitate to request new blocks through Ideation.
This use case focuses on ad-hoc updates to the knowledge base. The creation and initial configuration of a knowledge base should happen through the Qlik Answers UI as described here:
Once your knowledge base is configured and you've set up a data connection to a cloud storage location, you can then use Qlik Application Automation to add specific files to the Cloud Storage location and trigger a re-indexing. This could be useful in scenarios when you only want to index specific records that might depend on a context.
For this use case, you can use the blocks Add Data Source To A Knowledge Base and Sync Knowledge Base Data Source. The below example will fetch incidents from ServiceNow, store them in a Dropbox folder and then add the Dropbox folder as a data source to a Knowledge Base in Qlik Answers. After this, the data source will be synced to the knowledge base index.
By using the blocks Create Thread and Execute Synchronous Prompt, you can ask questions from an assistant to enrich other messages that are sent through automations with unstructured insights. In the below example, these blocks are added to the existing "Notify your team on Microsoft Teams based on a measure" template that can be found in the template picker:
Don't ask a question immediately after indexing. Asking a question should be done after the knowledge base has completed indexing successfully.
Environment
The information in this article is provided as-is and will be used at your discretion. Depending on the tool(s) used, customization(s), and/or other factors, ongoing support on the solution below may not be provided by Qlik Support.
Running a Talend Job using a key pair authentication for Snowflake fails with the exception:
Starting job Snowflake_CreateTable at 09:21 19/07/2021. [statistics] connecting to socket on port 3725 [statistics] connected Exception in component tDBConnection_2 (Snowflake_CreateTable) java.lang.RuntimeException: java.io.IOException: Missing Keystore location at edw_demo.snowflake_createtable_0_1.Snowflake_CreateTable.tDBConnection_2Process(Snowflake_CreateTable.java:619) at edw_demo.snowflake_createtable_0_1.Snowflake_CreateTable.runJobInTOS(Snowflake_CreateTable.java:3881) at edw_demo.snowflake_createtable_0_1.Snowflake_CreateTable.main(Snowflake_CreateTable.java:3651) [FATAL] 09:21:38 edw_demo.snowflake_createtable_0_1.Snowflake_CreateTable- tDBConnection_2 java.io.IOException: Missing Keystore location java.lang.RuntimeException: java.io.IOException: Missing Keystore location at edw_demo.snowflake_createtable_0_1.Snowflake_CreateTable.tDBConnection_2Process(Snowflake_CreateTable.java:619) [classes/:?] at edw_demo.snowflake_createtable_0_1.Snowflake_CreateTable.runJobInTOS(Snowflake_CreateTable.java:3881) [classes/:?] at edw_demo.snowflake_createtable_0_1.Snowflake_CreateTable.main(Snowflake_CreateTable.java:3651) [classes/:?]
The Keystore path is not configured correctly at the Job or Studio level before connecting to Snowflake on the metadata and using the same metadata connection in the Jobs.
To use key pair authentication for Snowflake, they Keystone settings must be configured in Talend Studio before connecting to Snowflake.
Perform one of the following options.
Update the appropriate Studio initialization file (Talend-Studio-win-x86_64.ini,Talend-Studio-linux-gtk-x86_64.ini,or Talend-Studio-macosx-cocoa.ini depending on your operating system), with the following settings:
-Djavax.net.ssl.keyStore={yourPathToKeyStore} -Djavax.net.ssl.keyStoreType={PKCS12}/{JKS} -Djavax.net.ssl.keyStorePassword={keyStorePassword}
Update the Keystore configuration in Studio SSL preferences with the required Path, Password, and Keystore Type.
Add the Key Alias to the Snowflake metadata.
Update the tSetKeystore components in your Job, if you plan to run the Job when the target execution is local, Remote Engine, or JobServer (the versions do not matter). Before selecting the Key Pair option for the tSnowflakeConnection component, configure the key pair authentication on the Basic settings tab of the tSetKeystore component:
Select JKS from the TrustStore type pull-down list.
Enter " " in the TrustStore file field.
Clear the TrustStore password field.
Select the Need Client authentication check box.
Enter the path to the Keystore file in double quotation marks in the KeyStore file field.
Enter the Keystore password in the KeyStore password field.
With a Unified license (formerly called Dual Use License) the legacy QlikView license is complemented with a Qlik Sense license that can be applied to the QlikView server as it includes QlikView entitlement license attributes. Such license needs to be activated with the Signed License Key (SLK). When a customer enters an Analytics Modernization Program (AMP, formerly known as Dual Use program), QlikView CALs (e.g. Named User CALs, Document CALS, Session CALs and Usage CALs) are converted into Professional User, Analyzer User, and Analyzer Capacity User allocations based on the Analytics Modernization Program conversion ratios.
I. If a customer transitions to AMP with on-premise (client-managed) Qlik software (e.g. converts to the perpetual estate or convert to subscription Qlik Sense Enterprise on Windows), a Unified License containing the converted quantity of Professional Users, Analyzer Users and Analyzer Capacity would be delivered. This license contains a customized Qlik Sense Enterprise Signed License Key (SLK) which can also be deployed on QlikView Server and/or QlikView Publisher. If a user is assigned a Professional or Analyzer user license, this assignment information is synchronized to all Qlik Sense and QlikView deployments activated using this Unified License key. As such one user just needs one license to access the entire Qlik software platform (regardless if it is Qlik Sense or QlikView).
In this scenario, as long as the QlikView Server and Qlik Sense edition use the same Identity Provider (IdP) the user can access apps on both environments consuming only one user license allocation.
If the user license is reallocated in any of the systems to a different user, the same will occur across both QlikView and Qlik Sense environments.
II. If a customer transitions to AMP with Qlik Sense Enterprise SaaS add-on, a Qlik Sense Enterprise SaaS tenant may use a Unified License for the on-premise deployment. The customer is able to upload QlikView document prepared by the on-premise QlikView software directly into Qlik Sense Enterprise SaaS for distribution.
A QlikView Server or a Qlik Publisher software can be activated in two ways:
1) Using a legacy method with 16-digit QlikView license key and the corresponding control number
2) Using a modern Unified License with Signed License Key containing needed QlikView Server and Publisher Service attribute(s). In this latter scenario, user license assignment (Professional/Analyzer) and analyzer capacity would be synchronized with other deployments using the same Signed License Key as it is done in the Unified License model
If the customer opts to remain in Perpetual licensing, the existing QlikView license model can be retained. Otherwise, if the customer opts for conversion into Subscription licensing model, a set of QlikView subscription license attributes mirroring the existing QlikView perpetual license key setup would be delivered such that the customer switch to the subscription QlikView keys without the need for an immediate migration project towards using Unified licensing.
Note: Please note that Qlik is no longer starting clients on the Perpetual license model. See End of Perpetual License Sales
This article provides step-by-step instructions for implementing Azure AD as an identify provider for Qlik Cloud. We cover configuring an App registration in Azure AD and configuring group support using MS Graph permissions.
It guides the reader through adding the necessary application configuration in Azure AD and Qlik Sense Enterprise SaaS identity provider configuration so that Qlik Sense Enterprise SaaS users may log into a tenant using their Azure AD credentials.
Content:
Throughout this tutorial, some words will be used interchangeably.
The tenant hostname required in this context is the original hostname provided to the Qlik Enterprise SaaS tenant.
Copy the "value of the client secret" and paste it somewhere safe.After saving the configuration the value will become hidden and unavailable.
In the OpenID permissions section, check email, openid, and profile. In the Users section, check user.read.
Failing to grant consent to GroupMember.Read.All may result in errors authenticating to Qlik using Azure AD. Make sure to complete this step before moving on.
In this example, I had to change the email claim to upn to obtain the user's email address from Azure AD. Your results may vary.
While not hard, configuring Azure AD to work with Qlik Sense Enterprise SaaS is not trivial. Most of the legwork to make this authentication scheme work is on the Azure side. However, it's important to note that without making some small tweaks to the IdP configuration in Qlik Sense you may receive a failure or two during the validation process.
For many of you, adding Azure AD means you potentially have a bunch of clean up you need to do to remove legacy groups. Unfortunately, there is no way to do this in the UI but there is an API endpoint for deleting groups. See Deleting guid group values from Qlik Sense Enterprise SaaS for a guide on how to delete groups from a Qlik Sense Enterprise SaaS tenant.
Qlik Cloud: Configure Azure Active Directory as an IdP
A user as developer role cannot log in to Talend Cloud and SSO was enabled for Talend Cloud in the environment.
Based on the error below, it appears the user lacks the necessary permissions on the Single Sign-On (SSO) provider's end.
Error: Your Administrator has configured the application Talend Cloud to block the users. The signed in user is blocked and doen't have the access to the application
SSOPermissionMissing
Qlik Web Connectors allows loading Excel files (xls, xlsx) hosted in online file storage services such as Box, Dropbox, Google Drive and OneDrive directly into QlikView and Qlik Sense without having to save the file to disk first.
Different methods need to be applied to fetch files depending on what edition of Qlik Sense is used.
Note that the in-built Web Connectors are available are:
Unavailable at the moment are:
To connect to, for example an excel file, stored on Google Drive:
More information: Managing data sources in spaces.
You can add data files and data connections directly in shared and personal spaces. This enables data sources to be added outside of apps for use by other space members.
We use the query GetRawFileAsBinary of the appropriate connector in Qlik Web Connectors.
Once the binary content is sucessfully loaded in Qlik Web Connectors web console, you can create a webfile connection in QlikView or Qlik Sense to load data from Qlik Web Connectors.
In QlikView:
SaaS Topics:
Managing data sources in spaces.
Built-in Qlik Web Connectors
STT - Reloading Your Data in Qlik Sense Business
WebConnectors (not SaaS):
Data sources included in Qlik Web Connectors
Google Drive and Spreadsheets
OneDrive
Dropbox
Qlik Web Connectors authentication fails with error "Could not establish trust relationship for the SSL/TLS secure channel"
Recent versions of Qlik connectors have an out-of-the-box value of 255 for their DefaultStringColumnLength setting.
This means that, by default, any strings containing more than 255 characters is cut when imported from the database.
To import longer strings, specify a higher value for DefaultStringColumnLength.
This can be done in the connection definition and the Advanced Properties, as shown in the example below.
The maximum value that can be set is 2,147,483,647.
A scheduled Qlik Replicate task does not show up in the Executed Jobs list.
This is working as intended. The Executed Jobs tab will only show executed jobs that were scheduled to run once only. In other words, jobs scheduled to run periodically (e.g. Daily, Weekly, Monthly) will not be shown.
See Scheduling jobs.
Advanced options is not visible when editing a sheet. This can happen on a specific app even if the option was present before.
You can activate the "Show Sheet Header" option in the app settings to make the "Advanced option" button visible again.
For some reasons, the "Show Sheet Header" could be deactivated in an app. "Advanced Options" is invisible when this happens, because it is located in the sheet header that is removed. The app looks like this in editing mode:
For better performance of Talend Runtime Server, you could uninstall Kar files to free up storage space.
This article briefly introuduces How to uninstall kar files from Talend Runtime Server
Prerequiste
For command
kar:uninstall
It is a command used to uninstall a KAR file (identified by a name).
By uninstall, it means that:
For instance, to uninstall the previously installed my-kar-1.0-SNAPSHOT.kar
KAR file:
karaf@root()> kar:uninstall my-kar-1.0-SNAPSHOT
Talend Runtime Server
Please run the following karaf commands to clean Kar files from your Repository
#stop running artifact task
bundle:list |grep -i <artifact-name>
bundle:uninstall <artifact-name | bundle-id>
#clean task kar cache
kar:list |grep -i <artifact-name>
kar:uninstall <artifact-name>
For more information about KAR file, please refer to Apache Content
kar:* commands to manage KAR archives.
There may be several different symptoms associated with a need to regenerate and redistribute certificates;
This article does not cover the use of a 3rd party certificate for end user Hub access, but the certificates used for communication between the Sense services. For recommendation on how to use a 3rd party certificate for end user access, see How to: Change the certificate used by the Qlik Sense Proxy to a custom third party certificate
Do not perform the below steps in a production environment, without first doing a backup of the existing certificates. Certificates are being used to encrypt information in the QRS database, such as connection strings. By recreating certificates, you may lose information in your current setup.
By removing the old/bad certificates, and restarting the Qlik Sense Repository Service (QRS), the correct certificates can be recreated by the service. If trying to remove certs, only the removal steps need to be followed.
The instructions are to be carried out on the Qlik Sense Central Node. In the case of a multi-node deployment, verify which node is the central node before continuing.
If the current central node role is held by the failover, you need to fail the role back to the original central node by shutting down all the nodes (this implies downtime). Then start the original central node, reissue the certificates on it with this article, and when the central node is working apply the article Rim node not communicating with central node - certificates not installed correctly on each Rim node.
Test all data connections after the certificates are regenerated. It is likely that data connections with passwords will fail. This is because passwords are saved in the repository database with encryption. That encryption is based on a hash from the certificates. When the Qlik Sense signed certificates are regenerated, this hash is no longer valid, and the saved data connection passwords can not be decrypted. The customer must re-enter the passwords in each data connection and save. See article: Repository System Log Shows Error "Not possible to decrypt encrypted string in database"
There is no need to perform a full reinstall to propagate new certificates. Certificates are created by the QRS automatically if not found during the service startup process.
The steps in this section must be performed after recreating certificates as described above.
Execute following query against SenseServices database:
DROP TABLE IF EXISTS hybrid_deployment_service.mt_doc_asymmetrickeysencrypt CASCADE;
Navigate to Deployments page of Multi-cloud Setup Console (MSC).
Delete and re-add any existing deployments by following the steps mentioned in Distributing apps from Qlik Sense Enterprise on Windows to Qlik Sense Enterprise SaaS and Distributing apps to Qlik Sense Enterprise on Kubernetes.
After the certificates have been recreated and then redistributed to all of the rim nodes, the node.js certificates stored locally on the central and all rim nodes also need to be recreated. Follow the below steps to perform this action:
Test all data connections after the certificates are rebuilt. It is likely that data connections with passwords will fail. This is because passwords are saved in the repository database with encryption. That encryption is based on a hash from the certs. When the Qlik Sense self-signed cert is rebuilt, this hash is no longer valid, and so the saved data connection passwords will fail. The customer must re-enter the passwords in each data connection and save. See article: Repository System Log Shows Error "Not possible to decrypt encrypted string in database"
Notice if using an official Signed Server Certificate from a trusted Certificate Authority
The certificate information will also be in the QMC, under Proxies, with the Certificate thumbprint listed. If trying to merely remove all aspects of certs, this will need to be removed as well.
If the above does not work, see Qlik Sense Enterprise Hub and Qlik Management Console (QMC) down - bootstrap fails with "Newly created client certificate not valid; root certificate can't sign new certificates"
The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.
On my Source table from Oracle, I am using the source lookup function under Data Enrichment in order to retrieve the Oracle ROWID field value. Not all fields are logged by oracle into the Redo Logs. In the case of ROWID we will use a source lookup function to query the source table and retrieve the field value, putting it into the Add Column that we defined and called ROWID. This source lookup function is documented in the replicate user guide and the on-line help.
source_lookup(TTL,'SCHM','TBL','EXP','COND',COND_PARAMS) |
source_lookup('NO_CACHING','HR','EMPLOYEES','ROWID','EMPLOYEE_ID=:1',$EMPLOYEE_ID) |
NO_CACHING is important to ensure it keeps changing for each value and doesn’t re-use values
HR is the schema in oracle
EMPLOYEES is the table
ROWID is what I want returned
EMPLOYEE_ID=:1 is the predicate for the lookup
$EMPLOYEE_ID is the value from the redo log that we are using in the predicate in place of :1
NOTE: If the source lookup needed more than one field in the key then:
(Multiple variables would look like: 'EMPLOYEE_ID=:1 AND DEPARTMENT_ID=:2)
$EMPLOYEE_ID, $DEPARTMENT_ID (in this example we are using field values that the task has read from the redo log file.
NOTE: That the lookup may have a performance implication and will need to be tested to see if it meets all of your latency criteria. Please also note that the Oracle ROWID is not guaranteed to persist. Traditional Oracle ROWID's can change if a table is quiesced or rebuilt with dbms_redefinition.
This expression is created for the Add Column transformation ROWID as seen in the screen shot below.
Transformation Screen shot
NOTE: Unfortunately data enrichment function can not be tested on the screen, they must be saved and the task run for the transformation to be tested.
The screen shot below shows the target table with the ROWID field after the task has run.
Target Table with ROWID field
Beginning with Qlik Sense Enterprise on Windows 2024, Qlik has extended CSRF protection to WebSockets. For reference, see the Release Notes.
In the case of mashups, extensions,and or other cross-site domain setups, the following two steps are necessary:
Content
The three additional response headers are:
Access-Control-Allow-Origin: https://localhost:8080
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: qlik-csrf-token
Localhost and port 8080 are examples. Replace them with the appropriate hostname. Defining the port is optional.
If you have multiple origins, seperate them by comma.
Example:
For more information about adding response headers to the Qlik Sense Virtual proxy, see Creating a virtual proxy. Expand the Advanced section to access Additional response headers.
In certain scenarios, the additional headers on the virtual proxy will not be enough and a code change is required. In these cases, you need to request the CSRF token and then send it forward when opening the session on the WebSocket. See Workflow for a visualisation of the process.
An example written in Enigma.js is available here:
The information and example in this article are provided as-is and are not directly supported by Qlik Support. More assistance can be found on the Qlik Integration forum. Professional Services are available to help where needed.
Workflow
To verify if the header information is correctly passed on, capture the web traffic in your browser's debug tool.
Environment