https://live.paloaltonetworks.com/t5/general-topics/scheduled-log-export-based-on-custom-queries/m-p/469118#M102889 <P>Is there any option to schedule custom traffic reports based on custom queries and to get it exported automatically .?</P><P>Currently, we are exporting the traffic logs manually from&nbsp; <FONT face="arial black,avant garde">Monitor &gt; Logs &gt;Traffic</FONT> and pasting the queries ( some of the sample queries is mentioned below) in the search bar (apply filter) and export as csv file .&nbsp;&nbsp;</P><P>We have many queries like below to export ..Kindly provide any option for scheduled export ..</P><P>&nbsp;</P><P>example of some custom query is given below :</P><P>(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.123.12 ) or ( addr.dst in 172.22.123.12 ))</P><P>(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and ( addr.dst in 172.22.114.10 )</P><P>(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.113.19 ) or ( addr.dst in 172.22.113.19 ))</P> Mon, 28 Feb 2022 06:11:44 GMT anishuthuman 2022-02-28T06:11:44Z https://live.paloaltonetworks.com/t5/general-topics/scheduled-log-export-based-on-custom-queries/m-p/469118#M102889 <P>Is there any option to schedule custom traffic reports based on custom queries and to get it exported automatically .?</P><P>Currently, we are exporting the traffic logs manually from&nbsp; <FONT face="arial black,avant garde">Monitor &gt; Logs &gt;Traffic</FONT> and pasting the queries ( some of the sample queries is mentioned below) in the search bar (apply filter) and export as csv file .&nbsp;&nbsp;</P><P>We have many queries like below to export ..Kindly provide any option for scheduled export ..</P><P>&nbsp;</P><P>example of some custom query is given below :</P><P>(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.123.12 ) or ( addr.dst in 172.22.123.12 ))</P><P>(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and ( addr.dst in 172.22.114.10 )</P><P>(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.113.19 ) or ( addr.dst in 172.22.113.19 ))</P> Mon, 28 Feb 2022 06:11:44 GMT https://live.paloaltonetworks.com/t5/general-topics/scheduled-log-export-based-on-custom-queries/m-p/469118#M102889 anishuthuman 2022-02-28T06:11:44Z https://live.paloaltonetworks.com/t5/general-topics/scheduled-log-export-based-on-custom-queries/m-p/469191#M102902 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/210858">@anishuthuman</a> ,</P> <P>&nbsp;</P> <P>You can create a custom report (Monitor &gt; Manage Custom Reports) and add your filters or create new ones using the 'query builder':</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_0-1646041467142.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39384i4E53289941290E26/image-size/medium?v=v2&amp;px=400" role="button" title="kiwi_0-1646041467142.png" alt="kiwi_0-1646041467142.png" /></span></P> <P>&nbsp;</P> <P>Once created, you can add it to a report group (Monitor &gt; PDF Reports &gt; Report Group) and add the report group to an Email Scheduler (Monitor &gt; PDF Reports &gt; Email Scheduler).</P> <P>&nbsp;</P> <P>Or if you don't want to create an email scheduler for it you can, once it's created and ran for a first time check it under 'Monitor &gt; Reports'</P> <P>&nbsp;</P> <P><A href="https://www.youtube.com/watch?v=E8TEneszgDc" target="_blank" rel="noopener">Config Custom Reports</A>&nbsp;</P> <P>&nbsp;</P> <P>Hope this helps,</P> <P>-Kiwi.</P> <P>&nbsp;</P> <P>&nbsp;</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Mon, 28 Feb 2022 09:53:42 GMT https://live.paloaltonetworks.com/t5/general-topics/scheduled-log-export-based-on-custom-queries/m-p/469191#M102902 kiwi 2022-02-28T09:53:42Z