Skip to main content
Panther Knowledge Base

Why am I receiving an "alert_context size bigger than maximum" error in Panther?


When I receive an alert from a webhook, the alert context displays an error:

""_error"": ""alert_context size is [601786] characters, bigger than maximum of [204800] characters""


To resolve this issue:

  • Optimize and reduce the amount of information to be output through the alert_context field.
  • Utilize the Panther API to query the events from the alert instead of trying to output all the information through the alert_context field. The entire rule match is written in the data lake so you'd be able to extract all the info needed through a Panther API data lake query.


This issue occurs when there is too much information being passed through the alert_context.