Panw module (Palo Alto) ingest reports Object Object.getClass() error because receiver is null

srpine · August 12, 2020, 3:21pm

I am seeing errors for some of the TRAFFIC entries in the log.
Pipeline complains about:
Object Object.getClass() because receiver is null

After breaking down the csv I found the following fields 12,13,19 were null in cases where the pipeline failed.

These are mapped while parsing TRAFFIC to:
client.user.name: 12
source.user.name: 12
server.user.name: 13
destination.user.name: 13
panw.panos.destination.interface: 19
observer.ingress.interface.name: 19

Is this a know issue?
is there a solution for this?

Thanks in advance for your help.

shaunak · August 12, 2020, 6:36pm

(Moving post to SIEM category as that team at Elastic maintains this module)

Topic		Replies	Views
Filebeat 7.7 panw module sends THREAT, but not TRAFFIC logs Beats filebeat	8	1440	August 21, 2020
Panw Schema Potential Bug in CSV Parse and Column Numbering Beats filebeat	4	509	December 13, 2019
Filebeat 8.4.2 modules Panw : Panw modules does not parse log correctly Beats beats-module , filebeat	1	346	October 25, 2022
PanW module issues Beats filebeat	1	502	February 4, 2021
Palo Alto integration with USERID [SIEM Feature] Beats filebeat	6	620	April 21, 2021

Panw module (Palo Alto) ingest reports Object Object.getClass() error because receiver is null

Related topics