Data Sources
Use the search bar above or navigate the categories below to find articles about Data Sources.
For setup instructions, check out the Panther documentation on Data Sources.
- Custom Logs
- Can I delete a schema in Panther?
- Can I use multiple timestamp formats in one schema in Panther?
- Can I use the `native` parameter in a custom schema in Panther?
- Can Panther parse logs in ORC format from Apache Hive?
- Does Panther have native support for Google Workspace Admin Alerts?
- How does Panther match custom schemas if multiple schemas are used?
- How do I change a Custom Schema field type in Panther?
- How do I download a newer version of pantherlog?
- How do I exclude a schema test from a group of tests with Pantherlog?
- How do I resolve the error "pantherlog cannot be opened because the developer cannot be verified"?
- Is it possible to extract a nested field while ingesting logs to Panther?
- Is there a maximum size limit on data that Panther ingests?
- Pantherlog test fails with CSV input
- Troubleshooting CLI errors with "pantherlog parse"
- What is the native parser in Panther-provided schemas?
- Why are all my incoming logs only matching 1 schema?
- Why do I see "schema update is not backwards compatible" when updating a schema in Panther?
- Data Transports
- Can I create multiple Panther log sources from one S3 bucket?
- Can I rename my SNS topic from panther-notifications-topic to something different?
- Can Panther ingest compressed data?
- Does Panther add logs from my S3 bucket that existed before I started using Panther?
- How can I ingest GuardDuty findings via CloudWatch instead of S3 in Panther?
- How come no data is coming in for a new S3 log source in Panther?
- How do I configure an S3 log source in Panther with a prefix exclusion or inclusion?
- How do I get copies of logs from Panther S3 buckets into my own AWS account S3 buckets?
- How do I resolve the error "failure to download encrypted files from S3" while ingesting CloudTrail logs in Panther?
- How many prefix filters can I add to an S3 log source?
- How to solve "Source experienced errors recently while trying to access S3 objects" for Panther Log Source
- No data flow or errors after creating IAM role manually for S3 source in Panther
- Panther Log Source error: "Bucket notifications are not properly configured"
- What IP does Google see when Panther pulls logs from a GCS bucket?
- Why do I get an error when trying to ingest zst compressed files in Panther?
- Supported Logs
- After fixing an unhealthy log source, why do I still get an error banner in the Panther Console?
- Can I backfill the logs of a new log source into Panther?
- Can I exclude logs from ingestion into Panther?
- Can I integrate with Google BigQuery API to query Gmail logs from Panther?
- Can I pause ingestion of a log source in Panther?
- Can Panther filter sensitive fields such as passwords out of incoming logs?
- Does Panther allow logs to be overwritten or does it append only?
- How are IP Addresses normalized and stored in Panther?
- How can I set up multiple CloudTrail log sources in Panther?
- How do I add new AWS CloudTrail log sources to Panther when the original does not have a prefix?
- How do I resolve "Organization not found" when ingesting GitHub audit logs in Panther?
- How do I resolve the error "authentication failed with HTTP status code 500: unable to authenticate" when onboarding Salesforce logs to Panther?
- How to Fix "Invalid Redirect" for Panther's Zoom Integration
- If I delete a log source in Panther, is its data deleted?
- Why are 1Password ItemUsage logs missing in Panther?
- Why are certain ItemUsage 1Password Events not showing up in Panther?
- Why does my Guard Duty log source in say it cannot access a log file in Panther?
- Why do I see "no bot scopes required" when onboarding Slack audit logs to Panther?
- Why do I see a “402 payment required” error while onboarding logs from Atlassian to Panther?
- Why do I see a “ratelimited” error while onboarding Slack logs to Panther?
- Why do I see high latency on some of my log types in Panther?
- Why haven't I received Salesforce Logs in Panther for the past 24 hours?