Skip to main content
Panther Knowledge Base

How to identify the source of a log in Panther

  1. Last updated
  2. Save as PDF

QUESTION

If I have two instances of the same application (for example, Okta) that are receiving logs, and both integrations send data into the same source, how can I differentiate which source a given log came from? Is there a way to add a field which shows the source, or to send the integrations into separate sources?

ANSWER

If your log sources are configured using the default integration, then Panther adds the p_source_id and p_source_label standard fields to the data.

You can try the following query in the Data Explorer (replacing okta_systemlog in the example below with your desired table name).

 SELECT DISTINCT p_source_id, p_source_label 
 FROM panther_logs.public.okta_systemlog 
 LIMIT 10;

For more information on Panther's standard fields across all log events, check out our documentation page on Standard Fields.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.