This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

AWS GuardDuty logs are not getting parsed

Posted a week ago
g0wtham
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello team, 

We have recently ingested the AWS GuardDuty logs to our Secops platform but they are not getting parsed as expected. We do not face such issues with the rest of the feeds from AWS platform such as CloudTrail, EC2 VPCs, AWS Config. There is no error message but there appears a tag "UNPARSED_RAW_LOG

g0wtham_0-1748508888084.png

 

1 1 135
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
BrianK
Staff
Reply posted on --/--/---- --:-- AM

How are you ingesting these?  Are they in unmodified JSON?  If so it's possible these are messages that haven't been considered in the parser and would need a support ticket to get updated,  you can create a parser extension in the mean time.

Top Solution Authors
View all