Skip to main content

I am using both apis to send logs to Chronicle. 

  1. POST https://malachiteingestion-pa.googleapis.com/v2/udmevents:batchCreate
  2. POST https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate

I am creating batch of logs of less than 1 mb. The first API udmevents is working fine with this approach but the unstructedlogenteries is giving me error of max payload size.

while In Documentaion the max payload size mention is 4mb. https://cloud.google.com/chronicle/docs/reference/ingestion-api

Can someone please help ? TIA

Max payload size for that unstructuredlogentries:batchCreate endpoint is 1048576 bytes.  I'll work with the doc team to get the documentation corrected.

The 4mb limit is actually for any of the newer dataplane based ingest methods, so would apply for webhooks or logs:import (Use this endpoint with caution as it is currently in alpha preview)

Thanks @JeremyLand . Got confused due to the documentation.

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.