I am encountering indexing errors in the Chronicle Ingestion Health Dashboard and would like to understand the specific scenarios or conditions that lead to these errors. Could you please provide insights on the possible causes of these errors, along with the count or frequency of occurrences, and any recommended steps to resolve or mitigate them?
Indexing errors are usually due to invalid values or a missing required field - https://cloud.google.com/chronicle/docs/unified-data-model/udm-usage#required_and_optional_fields. For example for the NETWORK_CONNECTION event type, we would expect both a principal and a target to be present. In the case of invalid values, that could be something like 10.1.1.001 being mapped as an IP.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.