Skip to main content
Panther Knowledge Base

Pantherlog test fails with CSV input

  1. Last updated
  2. Save as PDF

Issue

When trying to run a test with pantherlog on sample CSV input, the test fails even though the input is correct. 

Resolution

  • Check if your input CSV statement has multiple lines
    • If so, remove the extra line and change your input to just be one single line with your CSV sample event.
  • Remove the hasHeader: true statement from your schema if it has one.

Cause

This issue can occur when you use multiple lines for your CSV input. For example if you have something like:

Screen Shot 2022-06-27 at 2.35.40 PM.png

Panther will treat these 2 lines as 2 separate events, but a test case can only have 1 event. In this case, the first line will be used as the event, and if your first line is just the CSV header line, this will either fail to classify, and/or simply not match your expected result for this test case.