Learn more about Data Ingestion Health monitoring.
Cortex XSIAM collects granular data ingestion metrics that provide an insight into the data ingestion pipeline. With these metrics you can trace data collection from a specific source, and breakdown by data source attributes such as Collector Name and Final Reporting Device.
You can use these metrics in Cortex Query Language (XQL) queries to investigate disruption and degradation in log collection. You can also create correlation rules that use your own data ingestion logic to trigger alerts when disruption occurs for a specific data source within a specific timeframe.
In addition, Cortex XSIAM has a built-in data ingestion monitoring and alerts mechanism that monitors the availability and overall health of data collection in your environment. This mechanism monitors data ingestion per data source along the data ingestion pipeline, identifies disruptions in data collection, and creates ingestion alerts. For more information about defining the settings for this feature, including UI notifications, see Define Data Ingestion Monitoring.
For more information, see the following topics: