Troubleshooting log enrichment

Issue 1 symptom

The enrichment_audit field is not added to collected logs.

Resolution

The criteria configured in enrichment policy does not match the logs.

Issue 2 symptom

Enrichment is not added to logs.

Resolution

Check the enrichment_audit field in logs and check the status added to the field. For information about these status, see Creating-enrichment-policies.

Issue 3 symptom

Partial enrichment is added to logs

Resolution

Ensure that the connection with the endpoint URL that you have configured to connect to the enrichment source is successful