topic Improve log filtering workflow with quick “exclude / NOT filter” option from Traffic logs in Panorama Discussions https://live.paloaltonetworks.com/t5/panorama-discussions/improve-log-filtering-workflow-with-quick-exclude-not-filter/m-p/1256564#M3105 <P data-end="225" data-start="217">Hi team,</P> <P data-end="225" data-start="217">&nbsp;</P> <P data-end="320" data-start="227">I’d like to suggest a small but impactful improvement to the Traffic Logs filtering workflow.</P> <P data-end="577" data-start="322">Today, when we click on a value in a log entry (e.g. source IP, destination IP, user, etc.), it automatically adds that value to the search bar as a positive filter (e.g. <CODE data-end="497" data-start="493">eq</CODE> / <CODE data-end="504" data-start="500">in</CODE>). This is extremely useful and significantly speeds up building queries.</P> <P data-end="829" data-start="579">However, during investigations, it is very common to also build exclusion filters (e.g. <CODE data-end="672" data-start="667">neq</CODE> / <CODE data-end="683" data-start="675">not in</CODE>) while drilling into traffic patterns. Right now, this requires manually editing the query after adding the value, which slows down the workflow.</P> <P data-end="944" data-start="831"><STRONG data-end="846" data-start="831">Suggestion:</STRONG><BR />Introduce a quick way to add a value as a negated filter directly from the log view. For example:</P> <UL data-end="1116" data-start="946"> <LI data-end="1004" data-start="946" data-section-id="vj70j6">Standard click → adds positive filter (current behavior)</LI> <LI data-end="1116" data-start="1005" data-section-id="9smjmr">Shift + click (or another modifier / UI option) → adds the same value as a negative filter (<CODE data-end="1104" data-start="1099">neq</CODE> / <CODE data-end="1115" data-start="1107">not in</CODE>)</LI> </UL> <P data-end="1370" data-start="1118"><STRONG data-end="1130" data-start="1118">Benefit:</STRONG><BR />This would significantly speed up investigative workflows by allowing analysts to quickly include or exclude values without manually editing the query syntax, reducing friction and improving usability during time-sensitive troubleshooting.</P> <P data-end="1489" data-start="1372">Thanks for considering this improvement — it would be a great enhancement for daily SOC / network analysis workflows.</P> Wed, 17 Jun 2026 13:09:33 GMT LeonardoMachado 2026-06-17T13:09:33Z Improve log filtering workflow with quick “exclude / NOT filter” option from Traffic logs https://live.paloaltonetworks.com/t5/panorama-discussions/improve-log-filtering-workflow-with-quick-exclude-not-filter/m-p/1256564#M3105 <P data-end="225" data-start="217">Hi team,</P> <P data-end="225" data-start="217">&nbsp;</P> <P data-end="320" data-start="227">I’d like to suggest a small but impactful improvement to the Traffic Logs filtering workflow.</P> <P data-end="577" data-start="322">Today, when we click on a value in a log entry (e.g. source IP, destination IP, user, etc.), it automatically adds that value to the search bar as a positive filter (e.g. <CODE data-end="497" data-start="493">eq</CODE> / <CODE data-end="504" data-start="500">in</CODE>). This is extremely useful and significantly speeds up building queries.</P> <P data-end="829" data-start="579">However, during investigations, it is very common to also build exclusion filters (e.g. <CODE data-end="672" data-start="667">neq</CODE> / <CODE data-end="683" data-start="675">not in</CODE>) while drilling into traffic patterns. Right now, this requires manually editing the query after adding the value, which slows down the workflow.</P> <P data-end="944" data-start="831"><STRONG data-end="846" data-start="831">Suggestion:</STRONG><BR />Introduce a quick way to add a value as a negated filter directly from the log view. For example:</P> <UL data-end="1116" data-start="946"> <LI data-end="1004" data-start="946" data-section-id="vj70j6">Standard click → adds positive filter (current behavior)</LI> <LI data-end="1116" data-start="1005" data-section-id="9smjmr">Shift + click (or another modifier / UI option) → adds the same value as a negative filter (<CODE data-end="1104" data-start="1099">neq</CODE> / <CODE data-end="1115" data-start="1107">not in</CODE>)</LI> </UL> <P data-end="1370" data-start="1118"><STRONG data-end="1130" data-start="1118">Benefit:</STRONG><BR />This would significantly speed up investigative workflows by allowing analysts to quickly include or exclude values without manually editing the query syntax, reducing friction and improving usability during time-sensitive troubleshooting.</P> <P data-end="1489" data-start="1372">Thanks for considering this improvement — it would be a great enhancement for daily SOC / network analysis workflows.</P> Wed, 17 Jun 2026 13:09:33 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/improve-log-filtering-workflow-with-quick-exclude-not-filter/m-p/1256564#M3105 LeonardoMachado 2026-06-17T13:09:33Z