Skip to main content
Panther Knowledge Base

Does Panther backfill log sources after temporary connection issues?


If one of my Panther log sources becomes temporarily broken, will Panther backfill the data once the source is repaired?


This depends on which type of log source, and how it was broken.

For most of Panther's managed log sources, any logs which are lost due to API/authentication issues will be backfilled once the source becomes viable again.

For custom sources (Amazon S3, Azure Blob, HTTP, GCS, SQS, etc.), the answer varies.

  • If the issue is internal to Panther, meaning the data from these sources is being delivered to and received by Panther, but is not being processed, then that data should be cached, and then processed once the source is fixed. In some cases, our support team may be required to manually trigger the reprocess.
  • If the issue is in the data pipeline, meaning data is failing to reach Panther at all, then there will be no automatic backfill, and you will need to send the data to Panther again.
  • Was this article helpful?