Skip to main content
Solved

What is the max body size of unstructuredlogentries api used to send being sent to Google Chronicle?

  • May 12, 2025
  • 2 replies
  • 77 views
V
Forum|alt.badge.img+1

I am using both apis to send logs to Chronicle. 

  1. POST https://malachiteingestion-pa.googleapis.com/v2/udmevents:batchCreate
  2. POST https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate

I am creating batch of logs of less than 1 mb. The first API udmevents is working fine with this approach but the unstructedlogenteries is giving me error of max payload size.

while In Documentaion the max payload size mention is 4mb. https://cloud.google.com/chronicle/docs/reference/ingestion-api

Can someone please help ? TIA

Best answer by JeremyLand

Max payload size for that unstructuredlogentries:batchCreate endpoint is 1048576 bytes.  I'll work with the doc team to get the documentation corrected.

The 4mb limit is actually for any of the newer dataplane based ingest methods, so would apply for webhooks or logs:import (Use this endpoint with caution as it is currently in alpha preview)

2 replies

JeremyLand
Staff
Forum|alt.badge.img+7
  • JeremyLand
  • Staff
  • Answer
  • May 14, 2025

Max payload size for that unstructuredlogentries:batchCreate endpoint is 1048576 bytes.  I'll work with the doc team to get the documentation corrected.

The 4mb limit is actually for any of the newer dataplane based ingest methods, so would apply for webhooks or logs:import (Use this endpoint with caution as it is currently in alpha preview)

    V
    Forum|alt.badge.img+1
    • vipulkr
    • Author
    • New Member
    • May 15, 2025

    Thanks @JeremyLand . Got confused due to the documentation.

    Terms & ConditionsCookie settingsAccessibility statement
    Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

    © 2025 Google. All rights reserved.