How to troubleshoot CDL Log Storage Approaching Limits
8398
Created On 08/16/22 03:42 AM - Last Modified 06/12/24 06:56 AM
Objective
- Configure Log quota as intended in Cortex Data Lake
- Verify that CDL's log quota is configured.
Environment
- Cortex Data Lake
- Palo Alto Firewall
Procedure
- Configure Log quota as intended in Cortex Data Lake, please follow Allocate Storage Based on Log Type
- Determine if you have the appropriate Cortex Data Lake capacity
- Use Cortex Data Lake Estimator
- Cortex Data Lake capacity can be increased to ensure sufficient retention is achieved as needed; contact Palo Alto Networks Sales team for an additional Cortex Data Lake add-on license if required.
Additional Information
- When the log storage for a log type reaches 85% of its configured quota, a Warning Alert is triggered.
- When the log storage for a log type reaches 100% of its configured quota, a Critical Alert is triggered.
- If no log quota value is configured for a log type, AIOps will not analyze the storage capacity and no alert will be triggered.