I have logs being forwarded from Panorama to ELK.
On the ELK server I have Filebeat set up with the panw module enabled, which receives the logs and forwards them to Logstash.
In logstash filter I am using jdbc_streaming filter for certain database lookups.
I don't see any parse errors; however, when a capture is taken for the specific port and I try to compare the Wireshark data with the Kibana data, I see that certain logs are missed.
I do not see any interface drops, but I do see many UDP buffer receive errors, so this could also be one of the issues.
Any suggestions to determine where the logs get leaked or dropped are welcome.
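One place to look first is the kernel's own UDP counters, since a full socket receive buffer drops datagrams before Filebeat ever sees them (so no parse error is logged and nothing shows as an interface drop). The script below is an added example, not from the original post: it parses the `Udp:` lines of `/proc/net/snmp`, takes the difference between two snapshots, and reports whether `RcvbufErrors` moved during the interval. The two snapshots in the file are constructed samples in `/proc/net/snmp` layout; on a Linux host it reads the live file instead. The sysctl names (`net.core.rmem_max`, `net.core.rmem_default`) are real kernel settings; the Filebeat UDP input `read_buffer` option is the generic UDP input setting and should be checked against the docs for the installed version.

```python
"""Check whether syslog-over-UDP datagrams are being dropped by the kernel.

Added example (not the poster's code). Compares two snapshots of the
``Udp:`` counters in /proc/net/snmp; a growing RcvbufErrors means the
listening socket's receive buffer overflowed, which loses datagrams before
any user-space process (Filebeat, Logstash) can log an error.
"""
import os
import time
from typing import Dict, List

SNMP_PATH = "/proc/net/snmp"  # Linux only; constructed samples are used elsewhere

# Constructed samples in /proc/net/snmp layout (not captured from a real host).
SAMPLE_BEFORE = """\
Ip: Forwarding DefaultTTL InReceives
Ip: 1 64 5000000
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 8810000 12 4030 221000 4030 0 0 0
"""
SAMPLE_AFTER = """\
Ip: Forwarding DefaultTTL InReceives
Ip: 1 64 5010000
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 8860000 12 4280 221400 4280 0 0 0
"""


def parse_udp_counters(snmp_text: str) -> Dict[str, int]:
    """Return {counter_name: value} from the header/value pair of 'Udp:' lines."""
    udp_lines = [ln for ln in snmp_text.splitlines() if ln.startswith("Udp:")]
    if len(udp_lines) < 2:
        raise ValueError("no 'Udp:' header/value pair found in input")
    names = udp_lines[0].split()[1:]
    values = [int(v) for v in udp_lines[1].split()[1:]]
    return dict(zip(names, values))


def counter_delta(before: Dict[str, int], after: Dict[str, int]) -> Dict[str, int]:
    """Per-counter increase between two snapshots; counters that did not move are omitted."""
    delta = {name: after[name] - before.get(name, 0) for name in after}
    return {name: inc for name, inc in delta.items() if inc != 0}


def drop_fraction(delta: Dict[str, int]) -> float:
    """Share of arriving datagrams lost to receive-buffer overflow in the interval.

    InDatagrams counts datagrams delivered to a socket; InErrors counts those
    dropped for any reason, so their sum approximates what actually arrived.
    """
    arrived = delta.get("InDatagrams", 0) + delta.get("InErrors", 0)
    if arrived == 0:
        return 0.0
    return delta.get("RcvbufErrors", 0) / arrived


def assess(delta: Dict[str, int]) -> List[str]:
    """Turn a counter delta into findings a log-pipeline operator can act on."""
    findings: List[str] = []
    rcv = delta.get("RcvbufErrors", 0)
    if rcv > 0:
        findings.append(
            f"{rcv} datagrams dropped at the socket receive buffer "
            f"({drop_fraction(delta):.2%} of arrivals): raise net.core.rmem_max / "
            "net.core.rmem_default and the Filebeat UDP input read_buffer, or move to TCP/TLS syslog"
        )
    other = delta.get("InErrors", 0) - rcv
    if other > 0:
        findings.append(f"{other} UDP errors not explained by buffer overflow (check InCsumErrors)")
    if delta.get("NoPorts", 0) > 0:
        findings.append(f"{delta['NoPorts']} datagrams arrived on a port with no listener")
    if not findings:
        findings.append("no kernel-side UDP loss in this interval; look further up the pipeline")
    return findings


def sample_live(interval_s: float = 10.0) -> Dict[str, int]:
    """Take two real snapshots interval_s apart (Linux only) and return the delta."""
    with open(SNMP_PATH) as fh:
        before = parse_udp_counters(fh.read())
    time.sleep(interval_s)
    with open(SNMP_PATH) as fh:
        after = parse_udp_counters(fh.read())
    return counter_delta(before, after)


if __name__ == "__main__":
    if os.path.exists(SNMP_PATH):
        observed = sample_live()
    else:  # non-Linux: demonstrate on the constructed samples
        observed = counter_delta(parse_udp_counters(SAMPLE_BEFORE), parse_udp_counters(SAMPLE_AFTER))
    for line in assess(observed):
        print(line)
```

Run it on the ELK host while Panorama is sending at its normal rate; if `RcvbufErrors` climbs in step with the gap between the packet capture and Kibana, the loss is at the kernel socket and no Logstash filter tuning will recover it. The `jdbc_streaming` lookups matter in a different way: if Logstash slows down, Filebeat applies backpressure and stops reading the UDP socket quickly enough, which is exactly what fills the receive buffer.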