Monitoring Data Ingestion Health

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-06-09
Category: Administrator Guide
Abstract: Learn more about Data Ingestion Health monitoring.

Cortex XSIAM collects granular data ingestion metrics that provide insight into the data ingestion pipeline. With these metrics you can trace data collection from a specific source, and break it down by data source attributes such as Collector Name and Final Reporting Device.

You can use these metrics in Cortex Query Language (XQL) queries to investigate disruption and degradation in log collection. You can also create correlation rules that use your own data ingestion logic to trigger alerts when disruption occurs for a specific data source within a specific timeframe.

In addition, Cortex XSIAM has a built-in data ingestion monitoring and alerts mechanism that monitors the availability and overall health of data collection in your environment. This mechanism monitors data ingestion per data source along the data ingestion pipeline, identifies disruptions in data collection, and creates ingestion alerts. For more information about defining the settings for this feature, including UI notifications, see Set up Your Environment.

For more information, see the following topics: