Issue

When trying to parse a log file with pantherlog, you see one of the following errors:

1. no schema entry for "test.yml"
   from the command: $ pantherlog parse --schemas test.yml test.csv

2. invalid stream type "csv"
   (or whatever type you tried) from the command: $ pantherlog parse --stream csv test.csv

3. WARN classification failure [followed by a lot of output]
   from the command: $ pantherlog parse test.csv test.yml

4. validation failed with 3 problems
Resolution

Use the command below. This is the basic form for parsing a file against a schema of your own, and it is also documented here; note that the --schemas option is optional and is not the option that selects your own schema file.

$ pantherlog parse --path test.yml test.csv

In addition, make sure you are running the most recent version of pantherlog, since an outdated tool can reject a schema that a current version accepts.
Cause

1. no schema entry: the --schemas option looks up schemas that ship with Panther by name. To use a schema file of your own choosing for the parse, pass the file with the --path option instead.

2. invalid stream type: CSV is not a stream type that pantherlog knows how to use. Run pantherlog --help to see the list of valid stream types.

3. classification failure: at least one option is missing from the command. The schema file is given as a plain argument rather than through --path, so pantherlog has no schema to classify the input against. See the command under Resolution for a form that works with valid files, or run pantherlog --help for the recommended order of the command and its options.

4. validation failed: validation fails when the schema itself has problems, such as YAML syntax errors, or when there are compatibility issues caused by an outdated pantherlog tool.
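The three command-line mistakes above (a custom schema passed to --schemas, a file type passed to --stream, and the schema given as a bare argument) can be caught before pantherlog is ever invoked. The wrapper below is an added example written for this article; it is not part of Panther or pantherlog. It accepts the schema file and the log file, rejects the mistaken forms with a message, and then runs the one form the Resolution recommends, pantherlog parse --path <schema> <logfile>. The DRY_RUN variable, the function name, and the check rules are the wrapper's own assumptions; with DRY_RUN=1 it only prints the command, so it can be tried without pantherlog installed.

```shell
#!/bin/sh
# pantherlog_parse SCHEMA_FILE LOG_FILE
#
# Preflight wrapper around "pantherlog parse --path <schema> <logfile>".
# Added example for this article, not Panther's own code. It encodes the
# three causes described above and refuses to run the broken command forms.
# Set DRY_RUN=1 (an assumption of this wrapper, not a pantherlog option)
# to print the command instead of executing it.
pantherlog_parse() {
    schema="$1"
    logfile="$2"

    if [ -z "$schema" ] || [ -z "$logfile" ]; then
        echo "usage: pantherlog_parse <schema.yml> <logfile>" >&2
        return 2
    fi

    # Cause 1 and cause 3: a custom schema must be a YAML file handed to
    # --path. Passing it to --schemas produces 'no schema entry for "..."',
    # and passing it as a bare argument leads to classification failures.
    # Rejecting a non-YAML first argument also catches the swapped-order
    # form "pantherlog parse test.csv test.yml".
    case "$schema" in
        *.yml|*.yaml) ;;
        *)
            echo "error: first argument must be a YAML schema file for --path, got '$schema'" >&2
            return 2
            ;;
    esac
    if [ ! -r "$schema" ]; then
        echo "error: schema file not found or not readable: $schema" >&2
        return 2
    fi
    if [ ! -r "$logfile" ]; then
        echo "error: log file not found or not readable: $logfile" >&2
        return 2
    fi

    # Cause 2: never derive a --stream value from the file extension. "csv"
    # is rejected with 'invalid stream type "csv"'; the schema named by
    # --path decides how the file is parsed, so no --stream is passed here.
    set -- pantherlog parse --path "$schema" "$logfile"

    if [ "${DRY_RUN:-0}" = "1" ]; then
        # Print the exact command that would run, one argument per word.
        echo "$*"
        return 0
    fi

    if ! command -v pantherlog >/dev/null 2>&1; then
        echo "error: pantherlog is not on PATH; install or update it first" >&2
        return 127
    fi
    "$@"
}
```

Usage: DRY_RUN=1 pantherlog_parse test.yml test.csv prints pantherlog parse --path test.yml test.csv and exits 0; pantherlog_parse test.csv test.yml exits non-zero with a message instead of producing the classification-failure output. Without DRY_RUN the same call runs pantherlog with those arguments.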