Success and failure code responses to your HTTP POST requests - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation
Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2025-03-17
Category
Administrator Guide

The following table provides the various success and failure code responses to your HTTP POST requests, which can help you troubleshoot any problems with your HTTP collector configuration.

Success/failure response code

Description

Output code displayed (if applicable)

200

Success code that indicates there are no errors and the request was successful. The last_used field timestamp is updated accordingly.

{    "ok": "true"}

400

Error code that indicates that there is a problem with any of the following:

  • The partition date value (x-cortex-partition) is missing or empty in the HTTP request.

  • The partition date value in the HTTP request (x-cortex-partition) isn't in the correct format of YYYY-MM-DD.

  • Dataset name value (x-cortex-source-dataset) is missing or empty in the HTTP request.

  • Partition date value missing or empty in HTTP request:

    {    "error": "partition value is missing or empty"}

  • Partition date value isn't in the correct format of YYYY-MM-DD:

    {    "error": "partition value must be in the format YYYY-MM-DD"}

  • Dataset name value is missing or empty in the HTTP request:

    {    "error": "sourceDataset value is missing or empty"}

401

Unauthorized error code that indicates an incorrect authorization key for the HTTP collector is being used.

{    "error": "Failed to validate authentication detail"}

403

Error code that indicates one of the following:

  • Wrong header key for the HTTP collector is in the HTTP request and cannot be used.

  • Partition date value (x-cortex-partition) in the HTTP request is not within the license retention period for hot and cold storage.

  • Wrong header key in HTTP request:

    The Bulk Load configuration has been deleted and cannot be used

  • Partition date value not within the license retention period for hot and cold storage:

    partition is less than license start date

413

Error code indicating the request entity is too large as the request size is more than the 25 MB limit.

Request entity too large as the size is more than 25 MB limit

429

Error code indicating too many requests as the ingestion limits are reached for one of the following reasons:

  • Daily ingestion limit of <number> files is exceeded.

  • Daily file size ingestion limit of <number> GB is exceeded.

  • Daily ingestion file limit exceeded:

    exceeds daily limit of <number> files

  • Daily ingestion file size limit exceeded:

    exceeds daily limit of <number> GB

500

Error code indicating an unexpected internal error while processing the bulk load HTTP request.

Unexpected error while processing bulk load request