https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/how-to-configure-xql-to-detect-logs-not-reporting-rule/m-p/1247178#M315 <P>Folks,<BR /><BR />Awaiting for your valuable feedback</P> Mon, 02 Feb 2026 08:13:46 GMT H.Pachpande430929 2026-02-02T08:13:46Z https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/how-to-configure-xql-to-detect-logs-not-reporting-rule/m-p/1245910#M305 <P>I am able to retrieve logs successfully using XQL in Cortex XSIAM.<BR data-start="468" data-end="471" /><BR />However, <BR />I need to <STRONG data-start="490" data-end="588">configure an analytics rule that triggers when <EM data-start="539" data-end="586">any single expected source stops sending logs</EM></STRONG> (for 10 minute,1 hours,4 hours).<BR /><BR /></P> <UL> <LI data-start="736" data-end="796"> <P data-start="738" data-end="796">Detect when <STRONG data-start="750" data-end="775">any one host / source</STRONG> stops reporting logs</P> </LI> <LI data-start="797" data-end="844"> <P data-start="799" data-end="844">Alert should be raised <STRONG data-start="822" data-end="844">per missing entity</STRONG></P> </LI> <LI data-start="845" data-end="893"> <P data-start="847" data-end="893">Should work with <STRONG data-start="864" data-end="893">Scheduled Analytics Rules</STRONG></P> </LI> </UL> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 19 Jan 2026 13:15:09 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/how-to-configure-xql-to-detect-logs-not-reporting-rule/m-p/1245910#M305 H.Pachpande430929 2026-01-19T13:15:09Z https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/how-to-configure-xql-to-detect-logs-not-reporting-rule/m-p/1247178#M315 <P>Folks,<BR /><BR />Awaiting for your valuable feedback</P> Mon, 02 Feb 2026 08:13:46 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/how-to-configure-xql-to-detect-logs-not-reporting-rule/m-p/1247178#M315 H.Pachpande430929 2026-02-02T08:13:46Z