Skip to main content
Panther Knowledge Base

How to resolve "invalid header" error when trying to ingest AWS VPC flow logs through Cloudwatch in Panther


I am seeing the following error message when ingesting VPC flow logs through CloudWatch: invalid header

The payload looks correct when compared to the schema.


To avoid this error, send your VPC Flow logs directly to your S3 bucket and then to Panther, using Panther's AWS.VPCFlow schema.

Also ensure that the logs are in CSV format with a header.


Sending your VPC Flow logs to Panther through CloudWatch is not supported using our native integration. This issue can also be caused by sending logs in an incompatible format.