Resolve Intermittent Ingestion Drop for Google SecOps HTTPS Endpoints

How to resolve dropped ingestion volume when exporting to Google SecOps via HTTPS.

Overview

On February 24, 2026, we identified an issue affecting Google SecOps customers using Bindplane agents with HTTPS endpoints. The Chronicle HTTP exporter treated certain server responses (429, 502, 504) as permanent failures instead of retrying, causing logs to be dropped during transient errors.

This issue was resolved in agent version v1.94.2. Customers running earlier versions should upgrade to restore correct retry behavior.

Affected status codes:

429 — Rate limit exceeded
502 — Bad gateway
504 — Gateway timeout

Fix: Upgrade agents to v1.94.2 or later.

Who is affected?

Agents using the Google SecOps (Chronicle) destination configured with the HTTPS export method. Agents using the gRPC export method are not affected.

How to check if you were affected

You can monitor impact by checking Traffic by response code in your GCP project's Chronicle APIs ImportLogs methods for 429 errors. If you see 429 responses during the incident window, your agents were likely dropping data.

How to upgrade

Before updating, review your organization's update methodology and versioning guidelines. Catching up on agent versions before a Bindplane update is generally recommended. Please reference documentation on Updating the Bindplane Distro for OpenTelemetry Collector.

Option 1: Bindplane UI

Navigate to the Agents page
To upgrade a single agent, click the upgrade link next to the agent's version number
To upgrade multiple agents, select the outdated agents and click the bulk upgrade button

Option 2: Bindplane CLI

List connected agents to identify those that need upgrading:

bindplane get agents

Then update each agent:

bindplane update agent {ID}

Option 3: Re-run the install script

For in-place upgrades, re-run the collector install script. This approach is not recommended for most environments but may fit certain versioning strategies.

sudo sh -c "$(curl -fsSlL 'https://github.com/observIQ/bindplane-agent/releases/latest/download/install_unix.sh')" install_unix.sh

The install script is also accessible from the Agents page via the Install Agent button.

How to verify

After upgrading, confirm agent versions from the Agents page in the UI, or via the CLI:

bindplane get agents

Verify the version shows v1.94.2 or later for all affected agents.

References

PreviousConnect the Google SecOps Integration with WIF Auth NextKubernetes

Last updated 4 days ago

Was this helpful?

Good night

hashtagOverview

hashtagWho is affected?

hashtagHow to check if you were affected

hashtagHow to upgrade

hashtagOption 1: Bindplane UI

hashtagOption 2: Bindplane CLI

hashtagOption 3: Re-run the install script

hashtagHow to verify

hashtagReferences