Skip to main content

Hi All,

We are observing recurring error logs in the Microsoft Azure Sentinel Incident Connector v2:

“Failed to fetch backlog incident 37014. Error: Incident with number 37014 was not found.”

This error is being logged continuously, with hundreds of entries generated within a 15-minute window. The issue persists as of today, 3rd October.

Background on Incident 37014:

  • The incident was triggered and closed on 13th July 2025 in Sentinel.
  • However, it was not ingested into SOAR, and the reason for this is unclear.
  • Notably, adjacent incidents such as 37013 and 37015 were successfully ingested and corresponding SOAR cases were created.

Please advise on how we can proceed with resolving or suppressing this error.

I would recommend opening a support case here.  They can help perform the surgery needed on the connector service and its state file.

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.