Skip to main content
Panther Knowledge Base

How to resolve "PantherError: a data model hasn't been specified for this log type".

  1. Last updated
  2. Save as PDF

Issue

One or more of your detections are erroring out, with the error message:

PantherError("a data model hasn't been specified for log type", '<A_LOG_TYPE>')

Resolution

To resolve this error:

  1. In the Panther Console, navigate to Build > Data Models.
  2. Configure the filters to  display only models for the chosen log type, such as AWS.CloudTrail or Okta.Systemlog.
  3. If a model exists, but is disabled, enable it.
  4. If no model exists, create one. You can reference our specifications for custom data models for guidance.

Note that some data models are managed by Panther Packs, meaning they can be automatically enabled or disabled according to the whether the pack is enabled or not.

Cause

The exact cause of this error is that in your detection code, you've utilized a helper function which requires a data model to be defined. When Panther attempts to locate the data model for the event, it fails, either because there isn't one, or it is disabled. Creating or enabling the data model resolves this issue.