Issue

When trying to ingest some logs, the following system error occurs: 

Source [X] experienced errors recently while trying to access S3 objects...invalidstream: log entry is not JSON object

or

"error": "invalid stream: ReadObjectCB: object not ended with }, error found in #10 byte of ...

Resolution

One way to troubleshoot this issue is to log into AWS S3 directly, download one of the log files, and inspect it in a text editor to check for invalid characters or normal characters that aren't valid JSON.

Panther plans to provide the capability to filter raw events for situations like this in the future. In the meantime, it may be possible to change how the log is generated at the source, or implement other filtering solutions like Cribl to change the log before it reaches Panther. To tell the Panther product team that you're interested in this feature, or if you have other questions about this, please contact Panther support.

Cause

This issue occurs when the log event is not formatted in valid JSON, or when it contains invalid or null characters.