Hi,
I'm new to Logstash and trying to parse logs from my PAN-OS 11 firewall, but the fields and values do not match; for example, the field "NAT Destination IP" gets the value from "Rule Name".
Thanks a lot for any help.
Trung
Hello,
You should start by reading the following: Logstash configuration examples | Logstash Reference [8.11] | Elastic
I'm not sure how we can help you, since you did not provide any Logstash elements.
You should take a look at your configuration and try to understand the parsing and the logs coming in.
Feel free to ask any question!
Welcome to the community Trung
You should use the csv plugin to parse the message. There are many samples on https://discuss.elastic.co/
Please do not post a picture; the text format is more usable.
Thanks a lot for the quick reply. I got the log and am working on it now.
Thanks a lot for your reference. I got the CSV log and am working on it to apply the csv filter. I do not know why the Palo Alto syslog reference adds "FUTURE_USE" in their log parsing; that is why it cannot be converted to the right CSV in Logstash.
If you do not need a field, you can remove it by using mutate { remove_field ... } or the prune filter.
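The following pipeline is an added example that is not part of the thread or of any Elastic or Palo Alto documentation. It ties together the three points above: the csv filter assigns values by position, so every FUTURE_USE placeholder in the PAN-OS field description has to stay in the columns list (dropping one shifts every later field by one, which is exactly how "NAT Destination IP" ends up holding the "Rule Name" value), and the placeholders are then removed with mutate. The sample event, the generator input and the lowercase field names are my own; the column order follows the PAN-OS TRAFFIC log field order and should be checked against the syslog field description for your exact release before use.

```logstash
# Added example: parse a PAN-OS 11 TRAFFIC syslog payload with the csv filter.
# The sample message is constructed; replace the generator with your syslog
# input in a real pipeline (the syslog input leaves the CSV body in [message]).
input {
  generator {
    message => "1,2024/01/15 10:20:30,012345678901234,TRAFFIC,end,2562,2024/01/15 10:20:30,10.1.1.5,203.0.113.10,198.51.100.7,203.0.113.10,allow-web,,,web-browsing,vsys1,trust,untrust,ethernet1/1,ethernet1/2,default-log,2024/01/15 10:20:30,123456,1,51234,443,51234,443,0x400000,tcp,allow,5123"
    count => 1
  }
}

filter {
  # Only TRAFFIC logs have this column order; THREAT, SYSTEM, ... differ.
  # "Type" is the fourth comma-separated field.
  if [message] =~ /^[^,]*,[^,]*,[^,]*,TRAFFIC,/ {
    csv {
      source    => "message"
      separator => ","
      # Keep every FUTURE_USE placeholder (named future_use_N here, my own
      # naming). The csv filter maps values by index, so omitting one shifts
      # all later fields: nat_dst_ip would then receive the rule name.
      columns => [
        "future_use_1", "receive_time", "serial_number", "type", "threat_content_type",
        "future_use_2", "generated_time", "src_ip", "dst_ip", "nat_src_ip",
        "nat_dst_ip", "rule_name", "src_user", "dst_user", "application",
        "virtual_system", "src_zone", "dst_zone", "inbound_interface", "outbound_interface",
        "log_action", "future_use_3", "session_id", "repeat_count", "src_port",
        "dst_port", "nat_src_port", "nat_dst_port", "flags", "protocol",
        "action", "bytes"
      ]
      # Numeric fields arrive as strings; convert the ones you will aggregate on.
      convert => {
        "src_port" => "integer"
        "dst_port" => "integer"
        "bytes"    => "integer"
      }
    }
    # Drop the placeholders once parsing is done (the prune filter with
    # blacklist_names => ["^future_use_"] would achieve the same).
    mutate {
      remove_field => ["future_use_1", "future_use_2", "future_use_3"]
    }
  }
}

output {
  stdout { codec => rubydebug }
}
```

Run it with `bin/logstash -f panos-traffic.conf` and check the printed event: `nat_dst_ip` should be `203.0.113.10` and `rule_name` should be `allow-web`. If `nat_dst_ip` shows `allow-web` instead, a placeholder before position 11 is missing from the columns list, so count the FUTURE_USE entries in the field description for your log type and add the missing one rather than renaming later columns.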