Good morning, I am completely new to Graylog (or any SIEM really) and I was tasked to parse our firewall’s logs. There are around 40 total fields with only 10 being there all the time so the 30+ others are optionnal. I have been using one pipeline and GROK to parse the logs so I have a lot of ? be…

What is the most effective way to parse logs with lots of optionnal fields?

tmacgbay (Tmacgbay) June 22, 2022, 11:06pm 3

Here is a note on how I handled firewall traffic coming from PaloAlto firewalls:

1 Like

Topic		Replies	Views
New to Graylog - Palo Alto Logs New to Graylog Community? READ-ME FIRST Guides	0	372	June 27, 2024
Log normalization Graylog Central (peer support)	11	1660	May 24, 2019
Mapping fields of a string message Graylog Central (peer support) pipeline-rules	3	49	March 17, 2025
FW Palo alto Logs Graylog Central (peer support)	29	2779	May 27, 2019
Graylog & PaloAlto - Limit of total fields has been exceeded? Graylog Central (peer support)	3	1486	August 20, 2020