Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to troubleshoot CDL Log Storage Approaching Limits - Knowledge Base - Palo Alto Networks

How to troubleshoot CDL Log Storage Approaching Limits

8398
Created On 08/16/22 03:42 AM - Last Modified 06/12/24 06:56 AM


Objective


  • Configure Log quota as intended in Cortex Data Lake
  • Verify that CDL's log quota is configured.


Environment


  • Cortex Data Lake
  • Palo Alto Firewall


Procedure


  1. Configure Log quota as intended in Cortex Data Lake, please follow Allocate Storage Based on Log Type
  2. Determine if you have the appropriate Cortex Data Lake capacity
    1. Use Cortex Data Lake Estimator
    2. Cortex Data Lake capacity can be increased to ensure sufficient retention is achieved as needed; contact Palo Alto Networks Sales team for an additional Cortex Data Lake add-on license if required. 


Additional Information


  • When the log storage for a log type reaches 85% of its configured quota, a Warning Alert is triggered.
  • When the log storage for a log type reaches 100% of its configured quota, a Critical Alert is triggered.
  • If no log quota value is configured for a log type, AIOps will not analyze the storage capacity and no alert will be triggered.
Note: The alert thresholds in Strata Cloud Manager are pre-set at 85% and 100% of the configured quota and cannot be adjusted to different percentages.


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CrCZCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language