Troubleshooting log enrichment


The enrichment_audit field is not added to the collected logs

Resolution

The criteria configured in the enrichment policy do not match the logs. Review the policy criteria against the logs that you expect to be enriched.

Enrichment is not added to logs

Resolution

Check the status recorded in the enrichment_audit field of the logs. For information about the status, see Creating enrichment policies.

Partial enrichment is added to logs

Resolution

Ensure that the connection with the endpoint URL that you have configured to connect to the enrichment source is successful.



 
