When trying to ingest my AWS Config History Logs, I get the error "event exceeds maximum size: event at offset 1 is larger than 15728640 Bytes"
on my Log Source.
To resolve this issue set a prefix to exclude the Config History context, which will reduce the ingested file size. See📄 Can I exclude logs or specific fields from ingestion into Panther?
Based on the default format of the AWS Config History Log:
1111111111_Config_us-west-2_ConfigHistory_AWS::EC2::VPC_111111T11111Z_111111111111Z_1.json.gz
An exclusion pattern such as *_Config_*ConfigHistory*.json.gz
could be applied.
Cause
Due to their content, the AWS Config History Logs are usually large files. This issue occurs because the AWS Config history Logs' uncompressed size exceeds Panther's maximum allowed limit size. See📄 Is there a maximum size limit on data that Panther ingests?