Learn more about data ingestion health monitoring.
Danger
To activate the Cortex XSIAM data ingestion monitoring and alerts mechanism, you must enable Data Ingestion Monitoring in your Server Settings. For more information, see Set up your environment.
Cortex XSIAM collects granular data ingestion metrics that provide insight into the data ingestion pipeline and help identify disruptions in data collection. With these metrics, you can trace data collection from a specific source and see a breakdown by data source attributes such as Collector Name and Final Reporting Device.
You can use these metrics in Cortex Query Language (XQL) queries to investigate disruption and degradation in log collection. You can also create correlation rules that use your own data ingestion logic to trigger alerts when disruption occurs for a specific data source within a specific timeframe.
In addition, Cortex XSIAM has a built-in data ingestion monitoring and alerts mechanism that monitors the availability and overall health of data ingestion in your environment, and triggers ingestion health alerts if disruptions occur.
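The following added example (not Cortex XSIAM code and not XQL) sketches the kind of custom ingestion logic a correlation rule could encode: compare each source's recent volume with its own baseline, keyed by collector name and final reporting device. The row layout, source names, window sizes and threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed evaluation time

def _rows(collector, device, hourly_counts):
    # hourly_counts[i] covers the hour starting at NOW - (6 - i) hours; None = no row reported
    return [(NOW - timedelta(hours=6 - i), collector, device, n)
            for i, n in enumerate(hourly_counts) if n is not None]

# Constructed sample rows: (timestamp, collector name, final reporting device, event count).
# This layout is hypothetical and is not the Cortex XSIAM metrics schema.
SAMPLE_METRICS = (
    _rows("syslog-broker-1", "fw-edge-01", [1000] * 6)                 # healthy
    + _rows("syslog-broker-1", "fw-dc-02", [1000] * 4 + [None, None])  # stops reporting
    + _rows("api-collector", "idp-tenant", [800] * 4 + [40, 35])       # sharp drop
)

def find_ingestion_disruptions(rows, now, window=timedelta(hours=2),
                               baseline=timedelta(hours=4), min_ratio=0.25):
    """Return {(collector, device): status} for sources below their own baseline."""
    recent_start = now - window
    baseline_start = recent_start - baseline
    recent, base = defaultdict(int), defaultdict(int)
    for ts, collector, device, count in rows:
        key = (collector, device)
        if recent_start <= ts < now:
            recent[key] += count
        elif baseline_start <= ts < recent_start:
            base[key] += count

    findings = {}
    # Iterate over the baseline, not the recent rows: a source that went silent
    # produces no recent rows at all, so filtering recent rows would never see it.
    for key, base_total in base.items():
        if base_total == 0:
            continue  # source was already idle, nothing to compare against
        expected = base_total * (window / baseline)  # scale baseline to window length
        observed = recent.get(key, 0)
        if observed == 0:
            findings[key] = "silent"
        elif observed < expected * min_ratio:
            findings[key] = "degraded"
    return findings

if __name__ == "__main__":
    for source, status in find_ingestion_disruptions(SAMPLE_METRICS, NOW).items():
        print(source, status)
```

Driving the check from the baseline period is what lets it catch a source that has stopped sending entirely, since such a source leaves no recent rows to match.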