I'm not sure if I had to post this here or in a Palo Alto forum.
My Logstash takes the logs that are coming from Palo Alto; this type of log has a precise structure explained here: Threat Log Fields
But when I receive the log, it shows only a few fields.
When I do this for the traffic logs there is no problem (I find all the fields I want).
Where is the data lost?
My pipeline has no filter.