I want to use BindPlane agent to send Windows Event logs to Chronicle as in here: https://cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent

After following the instructions, I get an "Invalid Argument" error in the OpenTelemetry collector log.
I am struggling to make this work. Can someone point me in the right direction?

Some of the things I see in the error log are the following:
"level":"error",
"caller":"internal/queue_sender.go:92",
"msg":"Exporting failed. Dropping data.",
"kind":"exporter",
"data_type":"logs","name":"chronicle","error":"not retryable error: upload to chronicle: Permanent error: upload logs to chronicle: rpc error: code = InvalidArgument desc = Request contains an invalid argument."

According to my research, the problem may be related to an invalid log type, but I don't think this is the reason.

This is an example of my config.yaml:

receivers:
  windowseventlog/security:
    channel: security
    raw: true
  windowseventlog/system:
    channel: system
    raw: true

processors:
  batch:

exporters:
  chronicle/winevtlog:
    endpoint: malachiteingestion-pa.googleapis.com
    creds: '{
      "type": "service_account",
      "project_id": "malachite-projectname",
      "private_key_id": "abcdefghijklmnopqrstuvwxyz123456789",
      "private_key": "-----BEGIN PRIVATE KEY-----abcdefg-----END PRIVATE KEY-----\\n",
      "client_email": "account@malachite-projectname.iam.gserviceaccount.com",
      "client_id": "123456789123456789",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://oauth2.googleapis.com/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/account%40malachite-projectname.iam.gserviceaccount.com",
      "universe_domain": "googleapis.com"
      }'
    log_type: 'WINEVTLOG'
    override_log_type: false
    raw_log_field: body
    customer_id: 'dddddddd-dddd-dddd-dddd-dddddddddddd'

service:
  pipelines:
    logs/winevtlog:
      receivers:
        - windowseventlog/security
        - windowseventlog/system
      processors:
        - batch
      exporters:
        - chronicle/winevtlog

Hello @luisq

Thanks for reaching out on this issue. In looking at the config.yaml for my personal lab, I've noticed that under exporters, I have mine set to log_type: 'UDM'

I know this was an issue for me before, please let us know if this helps you.


Hello @Rob_P, thanks for the suggestion. I changed log_type to 'UDM' and restarted the service, but the result was the same. Error description: "Request contains an invalid argument". I also tried changing override_log_type: true, but also no luck.


@luisq Check the endpoint. Depending on what region SecOps is deployed in, "malachiteingestion-pa.googleapis.com" as seen in the config above may be incorrect. See: https://cloud.google.com/chronicle/docs/reference/ingestion-api#regional_endpoints


Thank you @brodsky, this was the issue. After I changed the regional endpoint to match Chronicle, it finally worked.
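
Added example, not part of the original thread and not BindPlane or Google code: the "Exporting failed. Dropping data." entry means the collector discards the Windows events instead of retrying, so it is worth checking the collector log for it after any exporter change. The sketch assumes the log is JSON lines with the field names quoted in the question; the sample lines are constructed, and the hint text covers only the causes discussed in this thread.

```python
import json
import re
from collections import Counter

GRPC_CODE = re.compile(r"rpc error:\s*code = (\w+)")

# Hints limited to the causes discussed in this thread (assumption: not exhaustive).
HINTS = {
    "InvalidArgument": "compare the exporter endpoint with the instance's "
                       "regional endpoint, then check log_type",
}

def _line(**fields):
    return json.dumps(fields)

# Constructed sample lines using the field names quoted in the question.
SAMPLE_LOG = [
    _line(level="info", msg="collector started"),
    "plain-text line that is not JSON",
    _line(level="error", caller="internal/queue_sender.go:92",
          msg="Exporting failed. Dropping data.", kind="exporter",
          data_type="logs", name="chronicle",
          error="not retryable error: upload to chronicle: Permanent error: "
                "upload logs to chronicle: rpc error: code = InvalidArgument "
                "desc = Request contains an invalid argument."),
]
SAMPLE_LOG.append(SAMPLE_LOG[-1])  # the same failure repeats for each batch

def dropped_batches(lines):
    """Count exporter failures that dropped data, keyed by (exporter, gRPC code)."""
    counts = Counter()
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate non-JSON lines mixed into the log
        if not isinstance(rec, dict) or rec.get("kind") != "exporter":
            continue
        if "Dropping data" not in str(rec.get("msg", "")):
            continue
        code = GRPC_CODE.search(str(rec.get("error", "")))
        counts[(rec.get("name", "?"), code.group(1) if code else "unknown")] += 1
    return counts

def report(lines):
    """One summary line per (exporter, gRPC code) pair that lost data."""
    return [f"{name}: {n} batch(es) dropped, gRPC {code}. "
            f"{HINTS.get(code, 'no hint for this code')}"
            for (name, code), n in sorted(dropped_batches(lines).items())]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
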


I have faced the same issue, and now I have resolved it with your solution.
Thank you @brodsky


Hi @luisq, we just embedded our Bindplane and Data Pipeline Management webinar. Check it out here. Hopefully it helps with some of your other use cases as you leverage these features.