https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/possible-values-for-event-types/m-p/544577#M4476 <P>Thank you for your response. This does help me in understanding the schema, however the value I am using in event_type in XQL query does not match with the possible values provided in schema.&nbsp;</P> <DIV> <DIV><SPAN>"query"</SPAN><SPAN>: </SPAN><SPAN>"dataset=xdr_data | filter event_type = EVENT_LOG"</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> <P>Also, I am using postman to query API, autofill values I don't get.&nbsp;</P> <P>&nbsp;</P> <P>Thank you.&nbsp;</P> Fri, 02 Jun 2023 13:32:34 GMT sushant1601 2023-06-02T13:32:34Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/possible-values-for-event-types/m-p/543207#M4457 <P>Hello Community,&nbsp;</P> <P>&nbsp;</P> <P>I am trying to understand Palo Alto XDR logs fetched using API(XQL Query).&nbsp;</P> <P>I am using dataset as&nbsp;<SPAN>xdr_data, want to know what all event_types can come under this dataset.&nbsp;</SPAN></P> <P><SPAN>For ex:&nbsp;EVENT_LOG.&nbsp;</SPAN></P> <P><SPAN>What are the possible values we can get in the field&nbsp;event_type when using dataset=xdr_data.</SPAN></P> <P>&nbsp;</P> <P><SPAN>I want to use event_type in the filter of XQL query, that is why I want to know the possible values.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Any help would appreciate.&nbsp;</SPAN></P> <P><SPAN>Thank you.&nbsp;</SPAN></P> Wed, 24 May 2023 15:01:17 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/possible-values-for-event-types/m-p/543207#M4457 sushant1601 2023-05-24T15:01:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/possible-values-for-event-types/m-p/544134#M4459 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/293860">@sushant1601</a>&nbsp;</P> <P>&nbsp;</P> <P>You may refer to XQL schema reference guide to know the fields of <SPAN>xdr_data dataset&nbsp;</SPAN>along with their description <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XQL-Schema-Reference-Guide/XDR_DATA-Fields" target="_self">here</A>. Additionally when you create XQl query you get values like Autofill to select for that field, so either you may select from that or when write it will show the available value. As shared in below screenshot for reference:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PiyushKohli_0-1685525182383.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/50497iF19B4203F7A180A5/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="PiyushKohli_0-1685525182383.png" alt="PiyushKohli_0-1685525182383.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PiyushKohli_1-1685527292923.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/50498iB360432997C7ED1A/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="PiyushKohli_1-1685527292923.png" alt="PiyushKohli_1-1685527292923.png" /></span></P> <P>&nbsp;</P> <P>Hope this helps!</P> <P>Thanks</P> Wed, 31 May 2023 10:02:47 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/possible-values-for-event-types/m-p/544134#M4459 PiyushKohli 2023-05-31T10:02:47Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/possible-values-for-event-types/m-p/544577#M4476 <P>Thank you for your response. This does help me in understanding the schema, however the value I am using in event_type in XQL query does not match with the possible values provided in schema.&nbsp;</P> <DIV> <DIV><SPAN>"query"</SPAN><SPAN>: </SPAN><SPAN>"dataset=xdr_data | filter event_type = EVENT_LOG"</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> <P>Also, I am using postman to query API, autofill values I don't get.&nbsp;</P> <P>&nbsp;</P> <P>Thank you.&nbsp;</P> Fri, 02 Jun 2023 13:32:34 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/possible-values-for-event-types/m-p/544577#M4476 sushant1601 2023-06-02T13:32:34Z