Skip to main content
Panther Knowledge Base

How do I change a Custom Schema field type in Panther?

  1. Last updated
  2. Save as PDF

QUESTION

How do I change the inferred type of a custom schema field in Panther? What should I do when I have a mis-typed schema field?

ANSWER

You cannot change a schema field type, due to backwards compatibility. To correct a mistyped schema field, create a new schema with the fields correctly typed. Adjust any affected log sources to start using the new schema. Any newly ingested logs will now be correctly typed, but previously ingested logs will maintain the old types.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.