How to resolve "Error while checking Cloud Pub/Sub subscription existence" for my GCP logs in Panther

Last updated
Save as PDF

Issue

We are receiving the following error regarding our GCP log source:

Error while checking Cloud Pub/Sub subscription existence

Logs are still flowing, so it’s not interrupting service. How do I resolve this?

Resolution

To resolve this issue:

Check if you've made any changes to the permissions on the service account.
Ensure that you’ve granted the required permissions and assigned the required IAM roles to your account. Panther requires both the pubsub.subscriptions.consume and pubsub.subscriptions.get permissions from customers for the Pub/Sub onboarding process.

Cause

If Panther continues to receive data normally but some of the periodic health checks fail, this could cause the error you're encountering. If this log source was healthy previously and only recently became unhealthy, it's likely that the pubsub.subscriptions.get permission was revoked.