When trying to ingest some logs, the following system error occurs:
Source [X] experienced errors recently while trying to access S3 objects...invalidstream: log entry is not JSON object
or
"error": "invalid stream: ReadObjectCB: object not ended with }, error found in #10 byte of ...
To automatically exclude improperly formatted events, you can use Raw Event Filters.
Additionally, you can troubleshoot this issue by logging into AWS S3, downloading a log file, and inspecting it in a text editor. Look for invalid characters or any anomalies that prevent the log from being valid JSON.
In the meantime, it may be possible to change how the log is generated at the source, or implement other filtering solutions like Cribl to change the log before it reaches Panther.
This issue occurs when the log event is not formatted in valid JSON, or when it contains invalid or null characters.