Data Sources
Use the search bar above or navigate the categories below to find articles about Data Sources.
For setup instructions, check out the Panther documentation on Data Sources.
- Cloud Accounts
- For Self-hosted accounts, can I remove panther-account from my Cloud Accounts?
- How do I onboard multiple AWS accounts all at once as Cloud Accounts in Panther?
- How to downgrade or turn off alerts for a specific AWS account within Panther
- My cloud resources have not updated in Panther
- Why does my Cloud Account display "Real Time Scanning Not Enabled" in Panther?
- Custom Logs
- Can I delete or rename a schema in Panther?
- Can I use multiple timestamp formats in one schema in Panther?
- Can I use the `native` parameter in a custom schema in Panther?
- Can Panther parse logs in ORC format from Apache Hive?
- Does Panther have native support for Google Workspace Admin Alerts?
- Does Panther support parsing nanoseconds for timestamps in custom logs?
- Does Panther support the %-S code from the strftime format for a custom Microsoft schema?
- How does Panther match custom schemas if multiple schemas are used?
- How do I change a Custom Schema field type in Panther?
- How do I download a newer version of pantherlog?
- How do I exclude a schema test from a group of tests with Pantherlog?
- How do I infer sample Cloudwatch Log Events and or JSON Array Events in Panther?
- How do I resolve pantherlog errors when I try to run multiple schema tests?
- How do I resolve the Panther tool error "cannot be opened because the developer cannot be verified"?
- How is the field p_event_time populated in my custom schema in Panther?
- How to resolve "Failed to infer schema... error found in #1 byte" when inferring schema in Panther
- Is it possible to extract a nested field while ingesting logs to Panther?
- Is there a maximum size limit on data that Panther ingests?
- I get the classification error "wrong number of fields" in my Panther Console while ingesting my logs as CSV data
- Pantherlog test fails with CSV input
- Troubleshooting CLI errors with "pantherlog parse"
- What is the native parser in Panther-provided schemas?
- Why are all my incoming logs only matching 1 schema?
- Why do I see "schema update is not backwards compatible" when updating a schema in Panther?
- Data Transports
- AWS Kinesis: Firehose Delivery Streams combines data into one line to S3. How can Panther ingest the logs?
- Can I create multiple Panther log sources from one S3 bucket?
- Can I partition buckets by their log stream name with a Cloud Watch log source in Panther?
- Can I rename my SNS topic from panther-notifications-topic to something different?
- Can Panther ingest compressed data?
- Does Panther add logs from my S3 bucket that existed before I started using Panther?
- How can I ingest GuardDuty findings via CloudWatch instead of S3 in Panther?
- How come no data is coming in for a new S3 log source in Panther?
- How do I configure an S3 log source in Panther with a prefix exclusion or inclusion?
- How do I get copies of logs from Panther S3 buckets into my own AWS account S3 buckets?
- How do I get my events on separate lines when using AWS Event Bridge with S3 and Panther?
- How do I resolve "AccessDenied" key errors when ingesting logs to Panther via S3?
- How do I resolve the error "failure to download encrypted files from S3" while ingesting CloudTrail logs in Panther?
- How many prefix filters can I add to an S3 log source?
- How to solve "Source experienced errors recently while trying to access S3 objects" for Panther Log Source
- No data flow or errors after creating IAM role manually for S3 source in Panther
- Panther Log Source error: "Bucket notifications are not properly configured"
- What IP does Google see when Panther pulls logs from a GCS bucket?
- What is the ARN of my Panther SQS queue log source?
- Why are S3 objects are being overwritten while Panther’s log processing is reading them?
- Why do I get an error when trying to ingest zst compressed files in Panther?
- Why is my SNS topic stuck in a "pending confirmation" state for the SQS confirmation for Panther?
- Supported Logs
- After fixing an unhealthy log source, why do I still get an error banner in the Panther Console?
- Can I backfill the logs of a new log source into Panther?
- Can I exclude logs from ingestion into Panther?
- Can I integrate with Google BigQuery API to query Gmail logs from Panther?
- Can I pause ingestion of a log source in Panther?
- Can Panther filter sensitive fields such as passwords out of incoming logs?
- Does Panther allow logs to be overwritten or does it append only?
- How are IP Addresses normalized and stored in Panther?
- How can I exclude logs from my Panther GCP integration?
- How can I ingest AWS EKS logs to only one log source in Panther?
- How can I set up multiple CloudTrail log sources in Panther?
- How do I add new AWS CloudTrail log sources to Panther when the original does not have a prefix?
- How do I ingest IP addresses from GitHub Audit Logs into Panther?
- How do I resolve "Organization not found" when ingesting GitHub audit logs in Panther?
- How do I resolve the error "authentication failed with HTTP status code 500: unable to authenticate" when onboarding Salesforce logs to Panther?
- How do I resolve the Zendesk log error 403 "You do not have access to this page" in Panther?
- How often does Panther try to log in to my Salesforce integration if the password is not valid?
- How to Fix "Invalid Redirect" for Panther's Zoom Integration
- How to resolve "invalid header" error when trying to ingest AWS VPC flow logs through Cloudwatch in Panther
- If I delete a log source in Panther, is its data deleted?
- Why are 1Password ItemUsage logs missing in Panther?
- Why are certain ItemUsage 1Password Events not showing up in Panther?
- Why does my Guard Duty log source in say it cannot access a log file in Panther?
- Why do I experience delays in parsing Google Workspace events within my Panther Console?
- Why do I get the error "failed to read line: gzip decompression failed: flate: corrupt input before offset" on my Lacework log source within Panther?
- Why do I see "no bot scopes required" when onboarding Slack audit logs to Panther?
- Why do I see a “402 payment required” error while onboarding logs from Atlassian to Panther?
- Why do I see a “ratelimited” error while onboarding Slack logs to Panther?
- Why do I see high latency on some of my log types in Panther?
- Why do Panther API requests keeps blocking me from resetting my Salesforce security token?
- Why haven't I received Salesforce Logs in Panther for the past 24 hours?