Custom Logs

Articles

• Does Panther natively support Cloudflare Security Insight alerts?
• Error 'unexpected format: "%N" found in 10 byte' when running pantherlog parse
• Is there a maximum size limit on data that Panther ingests?
• How are Starlark timeouts handled during Panther parsing?
• Do I need to include the "fieldDiscoveryEnabled: true" flag in my YAML file to use this feature in Panther?
• How to resolve "EventTime: DecodeTime" parsing error when testing schemas with pantherlog
• How can I onboard Snowflake audit logs from other Snowflake accounts into Panther?
• Classification Error 'readEscapedChar' when parsing logs in Panther
• How long does it take for a table to be reflected in the Data Lake after schema creation in Panther?
• Will logs received by log sources in Panther without attached schemas be discarded?
• How can I write multiple pantherlog tests for a schema?
• How do I download a newer version of pantherlog?
• Does Panther support .tar file type for raw upload data?
• Does Panther support asciinema logs?
• Will my cloned custom schema be affected when Panther updates the original managed schema?
• How do I resolve the error "schema validation failed: failed to infer Glue columns" in Panther?
• How do I verify that my Panther webhook endpoint is correctly configured to receive logs?
• I get a classification failure on my timestamp when trying to parse microseconds in Panther
• Why do I get an error when using "import base64" in a Panther script parser?
• How can I ingest CrowdStrike logs into Panther without a subscription to CrowdStrike FDR?
• Troubleshooting guide for Panther's parsing errors
• How can I transform "(at)" email values to "@" in Panther
• How do I change a Custom Schema field type in Panther?
• Why are my comments getting erased if I switch to 'Separate Sections' from 'Single Editor' when creating a custom schema in Panther?
• What's the distinction between the shared secret and bearer approaches for Panther HTTP log sources? ­
• When adding or removing fields from a custom schema in Panther, what happens to the corresponding columns in the data lake?
• Does Panther support Mimecast as a log source?
• Why can’t I find logs in the data lake after ingesting data using a custom schema in Panther?
• Does Panther support parsing nanoseconds for timestamps in custom logs?
• How can I ingest log events into Panther if they contain duplicate field names?
• How do I exclude a schema test from a group of tests with Pantherlog?
• Does Panther support OpenTelemetry (OTEL) logs?
• Error: 'InvalidLogSchema: Field Discovery can only be enabled with JSON or CSV data with header' when updating or creating a schema in Panther
• Is it possible to extract a nested field while ingesting logs to Panther?
• How to resolve "Failed to infer schema... error found in byte" when inferring schema in Panther
• When I create a new schema in the Panther console, when is the associated Snowflake table created?
• Why am I getting Bad Gateway Error when making a schema in Panther?
• Can Panther ingest AWS Session Manager (SSM) logs?
• Does Panther support logs in parquet format?
• Can Panther parse logs in ORC format from Apache Hive?
• Can I use Panther's fastmatch in a custom schema for timestamps with spaces?
• How to fix "invalid number: NaN/Inf" in schema parsing?
• Using the split transformation to ingest fields into Panther with a single or multiple values
• What is the native parser in Panther-provided schemas?
• How do I resolve pantherlog errors when I try to run multiple schema tests?
• What happens when an event is unclassified in Panther? Does this result in the loss of classified events too?
• Can I use multiple timestamp formats in one schema in Panther?
• Pantherlog test fails with CSV input
• Error 'Source xx did not pass configuration check' when trying to create a new Azure Blob Storage log source in Panther
• Can I specify multiple accepted data types for a log schema field in Panther?
• Pantherlog error: "Error: Not equal: expected: """ when testing a custom schema in Panther
• How do I resolve a "DecodeTime: failed to parse" error for a custom schema in Panther?
• Panther schemas: does the "required" flag propagate to subfields as well?
• Why don't the Overview Stats numbers update in Panter's Log Sources?
• Can you use a wildcard to recursively exclude files when inferring schemas from S3 folders in the Panther Console?
• Does Panther have native support for Google Workspace Admin Alerts?
• How do I resolve Panther log schema parsing issues caused by inconsistent data types in event fields?
• Error: "Query timeout after scanning x B from x S3 objects (Total Listed: x)" when trying to infer a custom schema from the S3 data receiver in Panther
• Can I delete or rename a schema in Panther?
• Can I set Panther to ignore duplicate events from my log source?
• Why do I see "schema update is not backwards compatible" when updating a schema in Panther?
• Does field discovery automatically add the new fields to my schema YAML file in Panther?
• Using Escaped Characters in Panther's Ingestion Filters for Normalized Events
• Does Panther offer any way to split 1 incoming event into several separate events?
• How to add an unsupported log source to Panther and request for new log sources
• Can I reduce my ingested bytes quota by removing or masking the fields that I do not need in Panther?
• What happens when Panther ingests a required data field whose value is null?
• Why are all my incoming logs only matching 1 schema?
• Does Panther support country normalization with ISO 639-1 codes?
• Can I use the native parameter in a custom schema in Panther?
• How is the field p_event_time populated in my custom schema in Panther?
• How Panther manages multiple schema matching?
• Invalid memory address or nil pointer dereference error in Pantherlog
• Troubleshooting CLI errors with "pantherlog parse"
• Classification error "wrong number of fields" in Panther Console while ingesting logs as CSV data
• Can I use multiple Panther indicators for a single field in a schema?
• Is there a way to handle variable column counts in logs with Panther?
• How do I infer sample Cloudwatch Log Events and or JSON Array Events in Panther?
• Do log source filters in Panther combine using the OR operation, or AND?
• Can Panther authenticate a Stripe-Signature using the HMAC auth method?
• How can I ingest Parquet files from S3 into Panther?
• How to resolve “Failed to infer schema: Must validate one and only schema (oneOf); Does not match pattern” when inferring schema in Panther?
• How can I prevent specific raw event fields from being ingested into Panther?
• How does the "validate" attribute work in Panther custom schemas?
• Schema field name not allowed to contain special character, except in Panther-managed schema
• How reprocessing affects my ingestion quota in Panther?
• How do I resolve the Panther tool error "cannot be opened because the developer cannot be verified"?
• Does Panther support the %-S code from the strftime format for a custom Microsoft schema?
• Error: "gzip decompression failed: unexpected EOF" when ingesting logs in Panther
• Can a Panther schema accept both strings and arrays in the same field?
• Guide to 1.100 change to schema inference