I am new to this forum and new to the job where I am having this issue, so please forgive me if this is an easy question that has been answered; I could not find the info I was looking for. I am trying to set up a Cortex Data Lake for my Cortex XDR Cloud logging. I am aware that I cannot see anything in the data lake when going to explore. However, my issue is that used space is showing as 0mb of 7tb. I have read many articles and I "think" that everything is set up properly, but I can't seem to get any logs flowing into the data lake. I would greatly appreciate some assistance, and I am willing to supply more information as needed; I just don't know what to supply at this moment.
Welcome to the forum. First of all, if you would like to use CDL for cloud logging, you must have a Cortex XDR Pro per TB license. If you have this license, you can configure your cloud provider and Cortex XDR like below.
Ingestion of cloud provider logs is configured via the XDR Management console, and you cannot reach those logs via CDL. You should reach and search them via the XDR console. This is also applicable to XDR logs. When you complete the configuration, you can use XQL to search your logs.