My Zendesk log source stopped receiving logs. What happened?
To resolve this issue:
- Try rotating your Zendesk API token. After rotating, it can take up to 15 minutes for the new token to be usable.
- Try re-creating the Zendesk log source in Panther, following the steps in our documentation here. You can use either OAuth or the API token, but the Zendesk user you use must have admin privileges either way. NOTE: You may have to redo this step multiple times in order to resolve this issue.
- If this does not resolve after 15 minutes or so, please contact your Panther Support team.
This issue can occur due to two main reasons. The first and simpler cause is when the API token has been unknowingly deactivated. The second cause is related to Zendesk's size limits for data on each plan they offer. Currently, Panther's log puller is not customized for specific Zendesk plan types, which means it might attempt to pull a larger number of records exceeding the limit allowed by Zendesk. This situation can lead to the behavior you are experiencing.