Subnet search

To filter a subnet for any variable for PA logs:

Add Filter -> Edit as Query DSL

{
  "query": {
    "range": {
      "<variable>": {
        "gte": "<first_subnet_ip>",
        "lt": "<last_subnet_ip>"
      }
    }
  }
}

SMPH IT Knowledge Base > Kibana Tips > image2022-10-24_10-53-51.png

SMPH IT Knowledge Base > Kibana Tips > image2022-10-24_10-55-55.png

Filter by Vsys:

Traffic logs are duplicated potentially so you can add the following +filter to a query to make sure you're searching the right firewall vsys!

Datacenter Primary - panw.panos.vsys_name : SMPH-DDN (vsys14)

Animal-Primary - panw.panos.vsys_name : SMPH-ANIMAL (vsys2)

CSSC-Primary - panw.panos.vsys_name : SMPH-CSSC (vsys2)

432NM-Primary - panw.panos.vsys_name : SMPH-432NM (vsys38)