If I have two instances of the same application (for example, Okta) that are receiving logs, and both integrations send data into the same source, how can I differentiate which source a given log came from? Is there a way to add a field which shows the source, or to send the integrations into separate sources?
If your log sources are configured using the default integration, then Panther adds the
p_source_id and p_source_label fields to the data.
One way to confirm this is to run the following query in the Data Explorer (replacing
okta_systemlog in the example below with your desired table name):
SELECT DISTINCT p_source_id, p_source_label FROM panther_logs.public.okta_systemlog LIMIT 10;