Palo Alto | include "strict_date_optional_time_nanos" format for date fields #26033

jamiehynds · 2021-06-01T08:31:43Z

Logs that are generated from Palo Alto's Cortex Data Lake default to using the date format strict_date_optional_time_nanos, while the panw-panos-pipeline currently defaults to using the following date format:

"formats": [
    "yyyy/MM/dd HH:mm:ss"
 ],

Adding 'strict_date_optional_time_nanos' as a default date format for the filebeat panw-panos-pipeline will also users to ingest data from Palo Alto's Cortex Data Lake without manually modifying the pipeline. This format has been tested by a user:

"formats": [
        "yyyy/MM/dd HH:mm:ss",
        "strict_date_optional_time_nanos"
      ],

The text was updated successfully, but these errors were encountered:

elasticmachine · 2021-06-01T08:32:15Z

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

…odule (#26158) * #26033: add strict_date_optional_time_nanos format * update changelog * added new sample log, need to check CSV parsing * update sample data Co-authored-by: Marius Iversen <marius.iversen@elastic.co>

…odule (#26158) * #26033: add strict_date_optional_time_nanos format * update changelog * added new sample log, need to check CSV parsing * update sample data Co-authored-by: Marius Iversen <marius.iversen@elastic.co> (cherry picked from commit 7742fda) # Conflicts: # x-pack/filebeat/module/panw/panos/ingest/pipeline.yml # x-pack/filebeat/module/panw/panos/test/global_protect.log-expected.json # x-pack/filebeat/module/panw/panos/test/hipmatch.log-expected.json

…odule (elastic#26158) * elastic#26033: add strict_date_optional_time_nanos format * update changelog * added new sample log, need to check CSV parsing * update sample data Co-authored-by: Marius Iversen <marius.iversen@elastic.co>

…odule (#26158) (#26525) * #26033: add strict_date_optional_time_nanos format * update changelog * added new sample log, need to check CSV parsing * update sample data Co-authored-by: Marius Iversen <marius.iversen@elastic.co> Co-authored-by: Alex Resnick <adr8292@gmail.com> Co-authored-by: Marius Iversen <marius.iversen@elastic.co>

jamiehynds added the Team:Security-External Integrations label Jun 1, 2021

jamiehynds added Integration:Palo Alto enhancement labels Jun 1, 2021

legoguy1000 mentioned this issue Jun 7, 2021

[FIlebeat] add strict_date_optional_time_nanos date format to PanOS module #26158

Merged

6 tasks

jamiehynds added the 7.15 Candidate label Jun 22, 2021

legoguy1000 added a commit to legoguy1000/beats that referenced this issue Jun 24, 2021

elastic#26033: add strict_date_optional_time_nanos format

6d2303f

P1llus closed this as completed in #26158 Jun 24, 2021

marc-gr mentioned this issue Jun 28, 2021

Cherry-pick #26158 to 7.x: [FIlebeat] add strict_date_optional_time_nanos date format to PanOS module #26525

Merged

6 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Palo Alto | include "strict_date_optional_time_nanos" format for date fields #26033

Palo Alto | include "strict_date_optional_time_nanos" format for date fields #26033

jamiehynds commented Jun 1, 2021

elasticmachine commented Jun 1, 2021

Palo Alto | include "strict_date_optional_time_nanos" format for date fields #26033

Palo Alto | include "strict_date_optional_time_nanos" format for date fields #26033

Comments

jamiehynds commented Jun 1, 2021

elasticmachine commented Jun 1, 2021