With cisco-asa log I parsed logs with grok, can you help me with paloalto logs :
1,2018/06/21 14:16:40,0009C101283,TRAFFIC,start,0,2018/06/21 14:16:40,193.240.221.122,69.172.216.55,0.0.0.0,0.0.0.0,KEOLIS OUT PUBLIC IP,,,ssl,vsys1,DMZ,Internet,ae2.1801,ae1.849,frghcslnetv03-04,2018/06/21 14:16:40,34302707,1,12173,443,0,0,0x0,tcp,allow,483,405,78,4,2018/06/21 14:16:41,0,any,0,97437831801,0x0,FR,CA,0,3,1,n/a,0,0,0,0,CTX_PROD,frghcfwdmz01m,from-policy
In logstash I parse them with : CSV filter
csv {
source => "data"
columns => ["FUTURE_USE", "Receive Time", "Serial Number", "Type", "Subtype", "FUTURE_USE", "Generated Time", "src_ip", "dst_ip", "NAT Source IP", "NAT Source IP", "dst_mapped_ip", "Rule Name", "Source User", "Destination User", "Application", "Virtual System", "Source Zone", "Destination Zone", "src_interface", "dst_interface", "Log Forwarding Profile", "FUTURE_USE", "Session ID", "Repeat Count", "src_port", "dst_port", "src_mapped_ip", "NAT Destination Port", "Flags", "protocol", "action", "Bytes", "Bytes Sent", "Bytes Received", "Packets", "Start Time", "Elapsed Time", "Category", "FUTURE_USE", "Sequence Number", "Action Flags", "Source Location", "Destination Location", "FUTURE_USE", "Packets Sent", "Packets Received", "Session End Reason", "Device Group Hierarchy Level 1", "Device Group Hierarchy Level 2", "Device Group Hierarcherarchy Level 3", "Device Group Hierarchy Level 4", "Virtual System Name", "hostname", "Action Source"]
}
mutate {
remove_field => [ "data" ]
}
How can I do the same (which extractor) ?