• Configured the new Data Source in the CloudSOC Tenant.
• Received the email notification that the new log file is processing; however, the Status: Uploaded file(s) do not contain a 'flex_logfile' file in the CSOC Tenant > Audit > Device Logs:
  • 

Uploaded file(s) do not contain a 'flex_logfile' file

File type may be UTF-16LE format as generated by the original source before processed into CloudSOC Tenant. UTF-8 (ASCII or plain text) is the only supported format file type.

Other possible causes within the file:

• • Null values within the file
  • Duplicate double quotes; e.g. ""10.10.10.10""
  • Line break characters and other special characters

Consider the following options to resolve this issue:
    1. Configure the output source to generate the UTF-8 file
         •  This configuration is managed outside the CloudSOC Tenant and supportability for the source is not a Symantec product
    2. Use a 3rd party software to convert the file type from the unsupported type to the UTF-8 format
         •  This software is managed outside the CloudSOC Tenant and supportability for the software is not a Symantec product

Note: For Broadcom products, please contact the support team of the specific software if you would like assistance configuring the output for that specific log file type to be in the UTF-8 format.

Review the log file(s); ensure that they are not generated with any of the content which would render the file unsupported.

For more information, see:

Flex universal log processor

Flex configuration directives