When trying to process AWS S3 Server Access logs, some events result in classification failures and the following error occurs:
"error": "failed to parse integer: strconv.Atoi: parsing \""HTTP/1.1\\\""\"": invalid syntax"
To resolve this issue:
requesturi field in the source file for this event for any extra unescaped double quotes '
Please also see this Panther KB article that contains a query to pull the S3 URI path from the data audit table for any Classification Failure.
If you do not see an unescaped double quotes in your source event, reach out to Panther Support.
This issue occurs due to unescaped double-quotes in request URIs that make parsing fields from these logs impossible to do programmatically.
We have an open request with AWS to address this issue.