Comment: added vsys filtering info

...

Add Filter -> Edit as Query DSL

{
  "query": {
    "range": {
      "<variable>": {
        "gte": "<first_subnet_ip>",
        "lt": "<last_subnet_ip>"
      }
    }
  }
}


Filter by Vsys:

Traffic logs are potentially duplicated, so add one of the following filters to your query to make sure you're searching the right firewall vsys!

  • Datacenter Primary - panw.panos.vsys_name : SMPH-DDN (vsys14)
  • Animal-Primary - panw.panos.vsys_name : SMPH-ANIMAL (vsys2)
  • CSSC-Primary - panw.panos.vsys_name : SMPH-CSSC (vsys2)
  • 432NM-Primary - panw.panos.vsys_name : SMPH-432NM (vsys38)
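
An added example (not part of the original page) that builds a single Query DSL body combining the subnet range filter with a vsys filter, so both can be pasted into "Edit as Query DSL" at once. The field name `source.ip`, the sample subnet, the helper names, and the use of `match_phrase` for the vsys match are assumptions; the vsys name is the Datacenter Primary entry listed above.

```python
import ipaddress
import json


def subnet_bounds(cidr):
    """Return (first_ip, last_ip) of a CIDR block as strings."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1])


def build_filter(ip_field, cidr, vsys_name, include_last=False):
    """Build a Query DSL body that ANDs a subnet range with a vsys match.

    The range filter shown on this page uses "lt", which excludes
    <last_subnet_ip> itself. include_last=True switches the upper bound
    to "lte" so the final address of the subnet is matched as well.
    """
    first_ip, last_ip = subnet_bounds(cidr)
    upper = "lte" if include_last else "lt"
    return {
        "query": {
            "bool": {
                "filter": [
                    {"range": {ip_field: {"gte": first_ip, upper: last_ip}}},
                    {"match_phrase": {"panw.panos.vsys_name": vsys_name}},
                ]
            }
        }
    }


if __name__ == "__main__":
    # Constructed sample values: "source.ip" and 10.20.30.0/24 are assumptions;
    # replace them with the real IP field and subnet being investigated.
    body = build_filter("source.ip", "10.20.30.0/24", "SMPH-DDN (vsys14)")
    print(json.dumps(body, indent=2))
```

Because both clauses sit under `bool.filter`, a log entry must fall inside the subnet and carry the chosen vsys name to match, which keeps duplicated entries from other vsys out of the results.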