
CYCLOPS Troubleshooting

Connectivity Issues

Most issues with a CYCLOPS cluster/node can be attributed to not fully satisfying the connectivity requirements. The first step in troubleshooting is ensuring those requirements are met and traffic is properly flowing to the domains listed.

Delayed Log Ingestion

Although many factors can contribute to delayed log ingestion, these are the best steps to take to ensure the issue is not within your environment/data center:

Resource Utilization

  • Ensure you are following the scope and sizing guide.

  • Review the CYCLOPS Metrics dashboard in the portal to see current resource utilization for the nodes in your cluster(s).

  • Consider increasing the number of CPU cores and/or the amount of memory assigned to the node.

Networking Considerations

  • If sending logs to a dedicated load balancer before they hit the CYCLOPS cluster, ensure the load balancer is not introducing a noticeable networking delay for the logging traffic.

CYCLOPS Metrics Dashboard

Dashboard is completely empty

Ensure that you are not blocking traffic for and on TCP port 443.

Log event rate panels are empty or missing nodes

The Log event rate panels are populated with data that comes from the metric endpoint of the CDP syslog forwarders on your cluster. Chronicle forwarders have no locally available metrics endpoints; therefore, they will not provide data for Log event rate metrics.