Palo Alto Networks Firewall TCP (PAN-OS v9+) input parse error

[qaxi]

Expected Behavior

field pan_source_user contains date 2021-12-29 08:06:50.775 +00:00

Current Behavior

field pan_source_user should contain username

Possible Solution

Take a look to https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/user-id-log-fields.html#id23f3cbfb-946f-423f-bc48-50fdc2b68238

Steps to Reproduce (for bugs)

1. Use Graylog 4.2.4+b643d2b on f687edde0f02 (Oracle Corporation 1.8.0_312 on Linux 5.4.0-53-generic)
2. and Palo Alto Firewall 10.0.8
3. create Palo Alto Networks Firewall TCP (PAN-OS v9+) input

Context

Your Environment

• Graylog Version: 4.2.4+b643d2b
• Java Version: f687edde0f02 (Oracle Corporation 1.8.0_312 on Linux 5.4.0-53-generic)
• Elasticsearch Version: 7.10.2
• MongoDB Version: 4.2
• Operating System: Ubuntu 20.04
• Browser version: FF 95

[bernd]

FYI: I moved this from the server repository.