Skip to main content
Solved

Chronicle API – What are the possible error codes for ruleExecutionErrors.list?

  • September 14, 2025
  • 6 replies
  • 65 views
vanitharaj1208
Forum|alt.badge.img+14

Hi everyone,

I’m using the Chronicle REST API method ruleExecutionErrors.list to troubleshoot rule execution issues.

In the API response, I’ve seen error messages like:

"error": { "code": 3, "message": "too many ORs or ANDs" }

I’m trying to understand what other error codes (besides 3) can be returned by this method, and what each one typically means.

Has anyone come across a list of possible error codes/messages for rule execution errors in Chronicle, or could share examples they’ve encountered?

Thanks in advance!

Best answer by cmmartin_google

The message part of the error is not publicly documented unfortunately, beyond the high level code enum (as linked, e.g., 3 is invalid argument)

matthewnichols

6 replies

vanitharaj1208
Forum|alt.badge.img+14
  • vanitharaj1208Silver 2
  • Author
  • Silver 2
  • September 15, 2025

Hi All,

 

I just want to know what are other possible error codes.

 

can anyone answer 

kentphelps
Staff
Forum|alt.badge.img+11
  • kentphelps
  • Staff
  • September 15, 2025

How many logical operators do you have in your UDM search query?  There is a limit of 169: 
https://cloud.google.com/chronicle/docs/investigation/udm-search-best-practices

vanitharaj1208
Forum|alt.badge.img+14
  • vanitharaj1208Silver 2
  • Author
  • Silver 2
  • September 16, 2025

Hi ​@kentphelps , Im looking for all the other possible error and error code just for info

cmmartin_google
Staff
Forum|alt.badge.img+11

The codes are standard Google API response status, of which the documentation is available here:

https://developers.google.com/actions-center/reference/grpc-api/status_codes

 

I previously wrote a blog on the topic and captured a couple more examples - https://medium.com/@thatsiemguy/automated-yl2-rule-error-notifications-with-soar-f7ded295dea3

 

The response message itself however I do not see is documented.

kentphelps
vanitharaj1208
Forum|alt.badge.img+14
  • vanitharaj1208Silver 2
  • Author
  • Silver 2
  • September 16, 2025

Hi ​@cmmartin_google ,

 

let me rephrase my question …

In screenshot we can see that code 3 is “too many ORs or ANDs” so similarly i want to know what are other code 1,2,4,5, etc and their code messages so i know list of ruleExecutionErrors

 

cmmartin_google
Staff
Forum|alt.badge.img+11

The message part of the error is not publicly documented unfortunately, beyond the high level code enum (as linked, e.g., 3 is invalid argument)

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.