Ingestion monitoring (error codes)
- Virginia Camuñas Núñez
Ingestion Error codes
Error codes displayed in the devo.internal.log.error table are always composed of a letter and a number, as in the example below:
I-201→Istands for data ingestion.
Kind
Kind of exception retrieved.
Code | Error | Description |
|---|---|---|
| Frame max length (33554432) exceeded (33570816) | The event size exceeds the maximum length of 32MB. |
|
| The remote endpoint resets or reestablish the connection. |
Specific error
Devo works with various libraries that report specific errors during data ingestion. Below are the most common ones. For more reference, please consult the documentation.
Error | Description |
|---|---|
| The certificate has expired. |
| The remote end was unable to verify the signature on the certificate sheet. |
Explanation for specific error codes
Code | Error | SpecificError | Detail |
|---|---|---|---|
| Frame max length (33554432) exceeded (33570816) |
| The stablished connection closes because the event size exceeds the maximum length of 32MB. |
|
|
| The remote endpoint resets the connection unexpectedly because the certificate has expired. |
|
|
| The remote end reestablished the connection because it was unable to verify the signature on the certificate sheet. |
Message for TLS connection error:
I-201,Connection from <address> closed. TLS client auth certificate <certificate SN>. Error: <reason> (<reason_code)Message for connection closed error:
I-101,Connection from <address> closed. <reason>
Examples
Use the following query to create an alert which detects IP addresses that are sending data with expired certificates. Consider that a new certificate should be installed on the source computer to prevent data loss.
from devo.internal.log.error where eq(component,"ingestion"), toktains(message,"Certificate has expired")
select split(split(message,"Connection from ",1),":",0) as ip
group by ip
Use the following query to create an alert that triggers when an alert stops working because the required custom table was deleted by a Devo user. The table should be recreated with the same field names.