Skip to main content
Panther Knowledge Base

Is it possible to extract a nested field while ingesting logs to Panther?

  1. Last updated
  2. Save as PDF

QUESTION

 Is it possible to extract a field and make that a column at ingestion time, even if it is nested? I want to make it a separate schema field.

ANSWER

 

Yes, you can do this with data transformations. By performing a copy on the nested field, then doing a rename on the copied field, you can turn a nested field into a top-level field as the data is ingested.

If you are looking to normalize your data to create detections for multiple log types, see the documentation on Panther Data Models for more information.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.