Hi everyone,
I'm not sure if I had to post this here or in a Palo Alto forum.
Problem:
My Logstash takes the logs that are coming from Palo Alto. This type of log has a precise structure explained here: Threat Log Fields
But when I receive the log it shows only a few fields.
When I do this for the traffic logs there is no problem (I find all the fields I want).
If you have no filters and just a straight input to output and you aren't seeing all the expected data then I would go back to the source. I'd also post on the Palo Alto forum.
The only way it could be Logstash is depending on the input/output plugins you used if they have a way of filtering data also.