Skip to content

Palo Alto Networks PAN-OS syslog data: Extract fields and classification of Palo Alto logs

Use case

Take Palo Alto Networks syslog message data and set the sourcetypes and indexes based on the message text. This pipeline also automatically removes the header information from messages, which reduces the message size by 10%.

Template details

Template description

This template removes the syslog header from Palo Alto Networks logs and extracts the recommended fields.

The following fields are extracted:

  • sourcetype - based on TYPE field in the event
  • index - based on the sourcetype
  • additional fields, such as: ep_product, ep_vendor

Configuration options

You can customize the index field based on the environment configuration. You can apply additional configuration using SPL2.