> For the complete documentation index, see [llms.txt](https://docs.panther.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.panther.com/data-onboarding/supported-logs.md).

# Supported Logs

## Overview

Panther has native schema support for each of the [sources listed below](#panther-supported-log-sources), with different supported methods to ingest data depending on the log source.

If you would like to ingest logs from a source not listed as Panther-supported, you can either define your own [Custom Log](/data-onboarding/custom-log-types.md) source or [request support of a new log source](/data-onboarding.md#request).

For information on tracking logged activity within your Panther instance, please see [Panther Audit Logs](/data-onboarding/supported-logs/panther-audit-logs.md).

View all [Panther-supported log sources in the list below](#panther-supported-log-sources) or in your Panther Console, by navigating to the **Log Sources** > **Add New Source** page. There, you can browse sources in the grid or use the search bar to find a source:

<figure><img src="/files/zuyw3a8Hj7E1FTDojvtO" alt="The heading reads, &#x22;What type of logs do you want to monitor with this source?&#x22; and below it is a circled search bar."><figcaption></figcaption></figure>

## Working with Panther-managed schemas

For each Panther-supported log source, Panther produces and maintains associated log schemas. You can find the schemas associated to each source on the source's documentation page.

Certain Panther-managed schemas have [field discovery](/data-onboarding/field-discovery.md) enabled. To verify whether field discovery is enabled for a specific schema, see [Verifying field discovery is enabled](/data-onboarding/field-discovery.md#verifying-field-discovery-is-enabled).

### Testing a Panther-managed schema

{% hint style="info" %}
The log files can be compressed using the following formats:

* gzip
* zstd (without dictionary)
  {% endhint %}

If you'd like to validate that a Panther-managed schema will parse your logs correctly, you can test sample logs against the Panther-managed schema (just like you can test logs against a custom schema). Follow the steps below:

1. In the left-hand navigation bar of your Panther Console, click **Configure** > **Schemas**.
2. Click on the name of a schema labeled `PANTHER MANAGED`**.**
3. In the upper-right corner, click **Test Schema**.
4. Choose **Upload Sample file** or **Paste sample event(s)**.
5. After uploading your sample(s), in the upper-right corner, click **Run Test**.

<figure><img src="/files/21bctwKUrbj0ygcojfeV" alt="There is a slide-out panel titled &#x22;Test schema against sample logs&#x22; and a circled &#x22;Run Test&#x22; button."><figcaption></figcaption></figure>

### Cloning a Panther-managed schema

It is not possible to edit a Panther-managed schema. Instead, you can clone the schema to create a copy of it, which you can edit. To clone a schema:

1. In the left-hand navigation bar of your Panther Console, click **Configure** > **Schemas**.
2. Click on the name of a schema in the list.
3. In the upper-right corner of the schema's details page, click **Clone**.

For information on editing a custom schema, see the [Custom Logs documentation](/data-onboarding/custom-log-types.md#editing-a-custom-schema).

## Troubleshooting supported logs

Visit the Panther Knowledge Base to [view articles about supported log sources](https://help.panther.com/Data_Sources/Supported_Logs) that answer frequently asked questions and help you resolve common errors and issues.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.panther.com/data-onboarding/supported-logs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.