Hi evreyone,
I'm not sure if I had to post this here or in a paloalto forum.
Problem:
My logstash take the logs that are coming from paloalto, this type of log have a precise structure explained here : Threat Log Fields
But when I recive the log it show only few field.
When I do this for the traffic logs there is no problem (I find all the fields i want).
Where the data is lost ?
My pipline has no filter
If you have no filters and just a straight input to output and you aren't seeing all the expected data then I would go back to the source. I'd also post on paloalto forum.
The only way it could be Logstash is depending on the input/output plugins you used if they have a way of filtering data also.
Thank you @aaron-nimocks for your reply. I posted my problem on paloalto forum:
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.