Check for missing log data by either:
The Log Performance page provides a summary view and a breakdown of log delivery failures for up to the last 30 days.
Find out which log files are missing by manually checking for gaps in the sequence number reported by each Real-Time Log Delivery software agent.
Learn more.
Key information:
Navigate to the Log Performance page by performing the following steps:
Navigate to the Real-Time Log Delivery CDN | Rate Limiting
Log delivery failures are graphed according to the following categories:
Category | Description |
---|---|
Bad Certificate |
Indicates that the SSL certificate corresponding to the domain where log data is being sent is invalid. Please verify your SSL certificate and then update as needed. There are online tools (e.g., SSL Checker) that analyze your SSL certificate for issues. Log delivery requires a certificate whose trust anchor is a publicly trusted certificate authority (CA). Additionally, the certificate must include a chain of trust for all intermediate certificate(s) and a leaf certificate. |
Connection Time Out |
Indicates that the destination server failed to respond in a timely fashion. |
Failed Authentication |
Indicates that log delivery failed due to an unauthorized request (i.e., 401 Unauthorized or 403 Forbidden). |
Failed Connection |
Indicates that the destination server was unavailable. |
Failed to Deliver |
Indicates that log delivery failed for none of the above reasons. |
Use the following information when assessing whether there is a gap in the sequential number reported by each Real-Time Log Delivery software agent.
A software agent's unique ID is reported within the:
Log file name (AgentID) - AWS S3, Azure Blob Storage, and Google Cloud Storage only
A software agent's sequence number is reported within the:
Log file name (SequenceNumber) - AWS S3, Azure Blob Storage, and Google Cloud Storage only
This sequential number resets to 0 at the start of a new day (UTC). The date on which log data was generated is reported within the:
If log data uses either the JSON Array or JSON Lines log format, then you will be unable to use the JSON payload to check for sequence number gaps. This means that you will be unable to check for sequence gaps when delivering log data to your web server(s), Splunk Enterprise, Sumo Logic, Datadog, or New Relic.
RTLD CDN: On 12/8/2019, the log file naming convention was updated to include the profile ID for your Real-Time Log Delivery configuration.
Let's assume that your AWS S3 bucket, Azure Blob container, or Google Cloud Storage bucket contains the following log files:
adn_0001_123_20240114_0000000000000123_0.json.gz
adn_0001_123_20240114_0000000000000123_1.json.gz
adn_0001_123_20240114_0000000000000123_3.json.gz
In this situation, we can tell that there is missing log data. Specifically, the log entries associated with the following log file are missing: