https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-query-builder/m-p/510724#M2453 <P><SPAN>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/229028">@willh1</a>,</SPAN></P> <P>&nbsp;</P> <P><SPAN>If you have already confirmed that the Cortex Data Lake is sending the necessary logs (following the adequate procedures found at the documentation listed below), please ensure that you are able to view the firewall on the hub. From apps.paloaltonetworks.com/apps, navigate to the “Cortex Data Lake” app and ensure that your configured firewall is connected. This is indicated on the Inventory page with a green connected button under the "Connection Status" column.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Please ensure that you have an up-to-date Pro-per-TB license as well since it could be the case that you are not hitting a quota under Dataset Management with an expired license. Navigate to Configurations &gt; Data Management &gt; Dataset Management to view your quota under the "Storage License Details" and ensure it does not exceed as indicated by the graph.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Would you be able to provide the query you are searching with on the Query Builder or see if there are any results when utilizing the Network Connection query?</SPAN></P> <P>&nbsp;</P> <P><STRONG>Relevant documentation:</STRONG></P> <P>&nbsp;</P> <P>Start sending logs to the Cortex Data Lake:</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/start-sending-logs-to-cortex-data-lake" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/start-sending-logs-to-cortex-data-lake</A></P> <P>&nbsp;</P> <P>View Data Lake Inventory to see if the Firewall is connected:</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/monitor-cortex-data-lake/devices-tab" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/monitor-cortex-data-lake/devices-tab</A></P> <P>&nbsp;</P> <P>Data Management page:</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/data-management/dataset-management" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/data-management/dataset-management</A></P> Wed, 03 Aug 2022 19:17:11 GMT mfakhouri 2022-08-03T19:17:11Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-query-builder/m-p/510307#M2427 <P>Hello Community,<BR /><BR />Was wondering whether someone could assit me with an issue.<BR /><BR />So at the moment i cannot make any search via the "Query Builder".<BR /><BR />When i move to query center and create a custom query i can only return results when i search "<SPAN class="">dataset = pan_ngfw"<BR /><BR />when i enter a search for network story i get results but with barely any information (below)</SPAN></P> <P>&nbsp;</P> <P><BR />I have checked that cortex data lake is sending all necsassary logs from fw (file_data, threat, traffic, global protect etc)<BR /><BR />Can someone please adivse</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="willh1_0-1659109209207.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/42696iC345FBF3D0021B65/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="willh1_0-1659109209207.png" alt="willh1_0-1659109209207.png" /></span></P> Fri, 29 Jul 2022 15:46:03 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-query-builder/m-p/510307#M2427 willh1 2022-07-29T15:46:03Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-query-builder/m-p/510724#M2453 <P><SPAN>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/229028">@willh1</a>,</SPAN></P> <P>&nbsp;</P> <P><SPAN>If you have already confirmed that the Cortex Data Lake is sending the necessary logs (following the adequate procedures found at the documentation listed below), please ensure that you are able to view the firewall on the hub. From apps.paloaltonetworks.com/apps, navigate to the “Cortex Data Lake” app and ensure that your configured firewall is connected. This is indicated on the Inventory page with a green connected button under the "Connection Status" column.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Please ensure that you have an up-to-date Pro-per-TB license as well since it could be the case that you are not hitting a quota under Dataset Management with an expired license. Navigate to Configurations &gt; Data Management &gt; Dataset Management to view your quota under the "Storage License Details" and ensure it does not exceed as indicated by the graph.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Would you be able to provide the query you are searching with on the Query Builder or see if there are any results when utilizing the Network Connection query?</SPAN></P> <P>&nbsp;</P> <P><STRONG>Relevant documentation:</STRONG></P> <P>&nbsp;</P> <P>Start sending logs to the Cortex Data Lake:</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/start-sending-logs-to-cortex-data-lake" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/start-sending-logs-to-cortex-data-lake</A></P> <P>&nbsp;</P> <P>View Data Lake Inventory to see if the Firewall is connected:</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/monitor-cortex-data-lake/devices-tab" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/monitor-cortex-data-lake/devices-tab</A></P> <P>&nbsp;</P> <P>Data Management page:</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/data-management/dataset-management" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/data-management/dataset-management</A></P> Wed, 03 Aug 2022 19:17:11 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-query-builder/m-p/510724#M2453 mfakhouri 2022-08-03T19:17:11Z