Skip to main content
Panther Knowledge Base

Does Panther offer any way to split 1 incoming event into several separate events?

  1. Last updated
  2. Save as PDF

QUESTION

I have a log source which formats log events as a single "event" which contains an array of JSON objects. I'd like to treat each item in the array as it's own event, similar to the unwind transformation from MongoDB. Does Panther provide any way to do this during ingest?

ANSWER

Panther is not able to separate multiple logs from a single payload array. 

If you need to separate log events for processing in Panther, we currently advise to use a preprocessor, like Cribbl, Fluentd, or a custom scripted solution.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.