Skip to main content

Hi everyone,

I’m using the Chronicle REST API method ruleExecutionErrors.list to troubleshoot rule execution issues.

In the API response, I’ve seen error messages like:

"error": { "code": 3, "message": "too many ORs or ANDs" }

I’m trying to understand what other error codes (besides 3) can be returned by this method, and what each one typically means.

Has anyone come across a list of possible error codes/messages for rule execution errors in Chronicle, or could share examples they’ve encountered?

Thanks in advance!

Hi All,

 

I just want to know what are other possible error codes.

 

can anyone answer 

How many logical operators do you have in your UDM search query?  There is a limit of 169: 
https://cloud.google.com/chronicle/docs/investigation/udm-search-best-practices

Hi ​@kentphelps , Im looking for all the other possible error and error code just for info

The codes are standard Google API response status, of which the documentation is available here:

https://developers.google.com/actions-center/reference/grpc-api/status_codes

 

I previously wrote a blog on the topic and captured a couple more examples - https://medium.com/@thatsiemguy/automated-yl2-rule-error-notifications-with-soar-f7ded295dea3

 

The response message itself however I do not see is documented.

Hi ​@cmmartin_google ,

 

let me rephrase my question …

In screenshot we can see that code 3 is “too many ORs or ANDs” so similarly i want to know what are other code 1,2,4,5, etc and their code messages so i know list of ruleExecutionErrors

 

The message part of the error is not publicly documented unfortunately, beyond the high level code enum (as linked, e.g., 3 is invalid argument)

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.