Skip to main content
Panther Knowledge Base

Indicator Search does not show results for Custom Log values

  1. Last updated
  2. Save as PDF

Issue

When using the Indicator Search in the Panther Console to query specific values from my custom log schema, I don't get any results, even though I know that this value is contained in my logs.

Resolution

To resolve this issue:

  1. Open the custom log schema.
  2. Ensure that any fields which contain indicators (emails, ip addresses, AWS account IDs, etc.) are marked with an indicator type.

Cause

This is caused by indicator fields not being configured properly. For custom log schemas, the indicator field must be manually configured in order for Panther to properly parse and index their values. 

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.