This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Check out the new Professional Security Operations Engineer certification beta!
Log in to ask a question

Indexing Error in Data Ingestion and health dashborad

Posted on 03-28-2025 12:01 AM
Surendrasumith
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

I am encountering indexing errors in the Chronicle Ingestion Health Dashboard and would like to understand the specific scenarios or conditions that lead to these errors. Could you please provide insights on the possible causes of these errors, along with the count or frequency of occurrences, and any recommended steps to resolve or mitigate them?

Surendrasumith_0-1743145288035.png

 

 

Solved Solved
0 1 265
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
cmorris
Staff
Reply posted on --/--/---- --:-- AM

Indexing errors are usually due to invalid values or a missing required field - https://cloud.google.com/chronicle/docs/unified-data-model/udm-usage#required_and_optional_fields. For example for the NETWORK_CONNECTION event type, we would expect both a principal and a target to be present. In the case of invalid values, that could be something like 10.1.1.001 being mapped as an IP.

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
cmorris
Staff
Reply posted on --/--/---- --:-- AM

Indexing errors are usually due to invalid values or a missing required field - https://cloud.google.com/chronicle/docs/unified-data-model/udm-usage#required_and_optional_fields. For example for the NETWORK_CONNECTION event type, we would expect both a principal and a target to be present. In the case of invalid values, that could be something like 10.1.1.001 being mapped as an IP.

Jump to Solution
Top Solution Authors
View all