Reports Return Different Results Using the Summary Database vs the Detail Database

Reports Return Different Results Using the Summary Database vs the Detail Database

19070
Created On 09/26/18 13:49 PM - Last Modified 06/12/23 10:05 AM


Resolution


Overview

Report results might be different depending on whether you select the summary database or the detailed database because of the way data is summarized from the traffic logs. Only 100,000 entries will be generated for each summary database on Palo Alto Networks devices and Panorama, starting from the most recent logs and going backwards. On the Palo Alto Networks M-100, 600,000 entries will be generated, starting with the most recent logs and going backwards. The summary database aggregates data from traffic logs every 15 mins. The detailed logs will show you all available data and will not be limited as the summarized logs.

logs.jpg

The database used can be configured under  Monitor > Manage Custom Reports.

 

owner: pmak
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClqJCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language