I followed the steps mentioned in the link below and set up the SQUID topology. The logs are getting enriched and indexed and are visible in Kibana.
Now I need to add BasicPaloAltoFirewallParser (Paloalto topology). Below is the config JSON file.
I don't see any errors, but the logs are not pushed into the "enrichments" topic.
Any help would be much appreciated.
The issue was with the logs which I was using. When I injected full logs from the Paloalto firewall, the logs were being parsed, enriched and indexed.
Hopefully this will be helpful for others.