You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| An internal server error occurred while running the query. ||
71
-
| The query execution timed out. ||
72
-
| A table referenced in the query was not found. | Verify that the relevant data source is connected.|
73
-
| A semantic error occurred while running the query. | Try resetting the alert rule by editing and saving it (without changing any settings). |
74
-
| A function called by the query is named with a reserved word. | Remove or rename the function.|
75
-
| A syntax error occurred while running the query. | Try resetting the alert rule by editing and saving it (without changing any settings). |
76
-
| The workspace does not exist. ||
77
-
| This query was found to use too many system resources and was prevented from running. ||
78
-
| A function called by the query was not found. | Verify the existence in your workspace of all functions called by the query.|
79
-
| The workspace used in the query was not found. | Verify that all workspaces in the query exist.|
80
-
| You don't have permissions to run this query. | Try resetting the alert rule by editing and saving it (without changing any settings). |
81
-
| You don't have access permissions to one or more of the resources in the query. ||
82
-
| The query referred to a storage path that was not found. ||
83
-
| The query was denied access to a storage path. ||
68
+
| Description | Remediation |
69
+
| ------------ | ------------ |
70
+
| An internal server error occurred while running the query. ||
71
+
| The query execution timed out. ||
72
+
| A table referenced in the query was not found. | Verify that the relevant data source is connected. |
73
+
| A semantic error occurred while running the query. | Try resetting the alert rule by editing and saving it (without changing any settings). |
74
+
| A function called by the query is named with a reserved word. | Remove or rename the function. |
75
+
| A syntax error occurred while running the query. | Try resetting the alert rule by editing and saving it (without changing any settings). |
76
+
| The workspace does not exist. ||
77
+
| This query was found to use too many system resources and was prevented from running. ||
78
+
| A function called by the query was not found. | Verify the existence in your workspace of all functions called by the query. |
79
+
| The workspace used in the query was not found. | Verify that all workspaces in the query exist. |
80
+
| You don't have permissions to run this query. | Try resetting the alert rule by editing and saving it (without changing any settings).|
81
+
| You don't have access permissions to one or more of the resources in the query. ||
82
+
| The query referred to a storage path that was not found. ||
83
+
| The query was denied access to a storage path. ||
84
84
| Multiple functions with the same name are defined in this workspace. | Remove or rename the redundant function and reset the rule by editing and saving it. |
85
-
| This query did not return any result. ||
86
-
| Multiple result sets in this query are not allowed. ||
87
-
| Query results contain inconsistent number of fields per row. ||
88
-
| The rule's running was delayed due to long data ingestion times. ||
89
-
| The rule's running was delayed due to temporary issues. ||
90
-
| The alert was not enriched due to temporary issues. ||
91
-
| The alert was not enriched due to entity mapping issues. ||
92
-
|\<number> entities were dropped in alert \<name> due to the 32 KB alert size limit. ||
93
-
|\<number> entities were dropped in alert \<name> due to entity mapping issues. ||
94
-
| The query resulted in `n` events, which exceeds the maximum of 150 results allowed for rules with alert-per-row events-grouping configuration. Alert-per-row was generated for first {3} events and an additional aggregated alert was generated to account for all events.
85
+
| This query did not return any result. ||
86
+
| Multiple result sets in this query are not allowed. ||
87
+
| Query results contain inconsistent number of fields per row. ||
88
+
| The rule's running was delayed due to long data ingestion times. ||
89
+
| The rule's running was delayed due to temporary issues. ||
90
+
| The alert was not enriched due to temporary issues. ||
91
+
| The alert was not enriched due to entity mapping issues. ||
92
+
|\<*number*> entities were dropped in alert \<*name*> due to the 32 KB alert size limit. ||
93
+
|\<*number*> entities were dropped in alert \<*name*> due to entity mapping issues. ||
94
+
| The query resulted in \<*number*> events, which exceeds the maximum of \<*limit*> results allowed for \<*rule type*> rules with alert-per-row event-grouping configuration. Alert-per-row was generated for first \<*limit*-1> events and an additional aggregated alert was generated to account for all events.<br>- \<*number*> = number of events returned by the query<br>- \<*limit*> = currently 150 alerts for scheduled rules, 30 for NRT rules<br>- \<*rule type*> = Scheduled or NRT
0 commit comments