Elastic SIEM integration with Palo Alto Network FIrewall

Hi Team,

We are integrating Palo Alto Firewall device with Elastic siem. For this we have enabled firewall data on 514 and receiving the same. We want to use the ECS mapping for auto population of SIEM dashboard
At filebeat, we have enabled the panw module and done the setup process.
When starting the filebeat instance, I can see the firewall logs getting received, but it is not getting ingested in ELasticsearch index.

The default pipeline has been loaded and is visible at ES. In debug logs, getting following message
"index 1 exceeds length of 1 when processing mapping for feild event.created"
"Fail to apply processor client"

There is no relevant information available on this. Request your help

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.