How do I infer sample Cloudwatch Log Events and or JSON Array Events in Panther?

Last updated
Save as PDF

QUESTION

ANSWER

After uploading a sample file to infer logs, you can select the Stream Type. If you leave this set to auto (the default setting), Panther will automatically detect the appropriate stream type. You can also manually choose lines, JSONArray, or CloudWatch Logs.

Panther supports JSON stream types for inferring schemas from an S3 source that are not new-line delimited or are multi-line JSON.

See Panther's documentation for more information on inferring a schema.