Oct 13 01:22:41 gke-standard-cluster-2-pool-1-6ea9f13a-g2z7 848 <142>1 2020-10-13T01:22:40.959Z stream-logfwd20-156653024-10121421-eq28-harness-16kn logforwarder - panwlogs - 1,2020-10-13T01:22:32.000000Z,007051000113358,GLOBALPROTECT,globalprotect,10.0,2020-10-13T01:22:06.000000Z,vsys1,gateway-switch-to-ssl,before-login,SAML,ipsec,xxxxx\xxxxx xxxxx,FI,machine_name3,xxx.xx.x.xx,::c307:39c8:ffff:0,xxx.xx.x.xx,::f32b:d251:ffff:0,67:11:5a:e2:d2:32,serialno_list-1,66567,Intel Mac OS,9.3.5,16777216,Admin,,opaque_list-0,success,San Francisco,1,connect_method_list-2,0,portal_list-2,557533,-9223372036854775808,2020-10-13T01:22:07.388000Z,select_type-0,50055,medium,"gateway-5,925,1;gateway-4,196,2;gateway-5,583,1;gateway-4,996,5;gateway-1,442,2;gateway-6,121,4;gateway-0,16,1;gateway-6,173,0;gateway-2,753,0;gateway-6,651,0;gateway-3,602,3;gateway-1,55,0;gateway-1,384,2;gateway-4,871,3;gateway-3,546,5;",
The fields are identified in the default order that they appear in each log
line.
HEADER,
log_time,
log_source_id,
log_type.value,
sub_type.value,
config_version.value,
time_generated,
vsys,
event_id.value,
stage,
auth_method,
tunnel,
source_user,
source_region,
endpoint_device_name,
public_ip.value,
public_ipv6.value,
private_ip.value,
private_ipv6.value,
host_id,
endpoint_serial_number,
endpoint_gp_version,
endpoint_os_type,
endpoint_os_version,
count_of_repeats,
quarantine_reason,
connection_error.value,
opaque,
status.value,
gpg_location,
login_duration,
connect_method,
connection_error.id,
portal,
sequence_no,
action_flags,
time_generated_high_res,
gateway_selection_type,
ssl_response_time,
gateway_priority.value,
attempted_gateways,
gateway,
dg_hier_level_1,
dg_hier_level_2,
dg_hier_level_3,
dg_hier_level_4,
vsys_name,
log_source_name,
vsys_id
