Skip to main content
Panther Knowledge Base

How to resolve "invalid header" error when trying to ingest AWS VPC flow logs through Cloudwatch in Panther

  1. Last updated
  2. Save as PDF

Issue

I am seeing the following error message when ingesting VPC flow logs through CloudWatch: invalid header

The payload looks correct when compared to the schema.

Resolution

To avoid this error, send your VPC Flow logs directly to your S3 bucket and then to Panther, using Panther's AWS.VPCFlow schema.

Also ensure that the logs are in CSV format with a header.

Cause

Sending your VPC Flow logs to Panther through CloudWatch is not supported using our native integration. This issue can also be caused by sending logs in an incompatible format.