07-29-2022 08:46 AM
Hello Community,
Was wondering whether someone could assist me with an issue.
So at the moment I cannot make any search via the "Query Builder".
When I move to query center and create a custom query, I can only return results when I search "dataset = pan_ngfw".
When I enter a search for network story, I get results but with barely any information (below).
I have checked that Cortex Data Lake is sending all necessary logs from fw (file_data, threat, traffic, global protect, etc.).
Can someone please advise?
08-03-2022 12:17 PM
Hello @willh1,
If you have already confirmed that the Cortex Data Lake is sending the necessary logs (following the adequate procedures found at the documentation listed below), please ensure that you are able to view the firewall on the hub. From apps.paloaltonetworks.com/apps, navigate to the “Cortex Data Lake” app and ensure that your configured firewall is connected. This is indicated on the Inventory page with a green connected button under the "Connection Status" column.
Please ensure that you have an up-to-date Pro-per-TB license as well since it could be the case that you are not hitting a quota under Dataset Management with an expired license. Navigate to Configurations > Data Management > Dataset Management to view your quota under the "Storage License Details" and ensure it does not exceed as indicated by the graph.
Would you be able to provide the query you are searching with on the Query Builder or see if there are any results when utilizing the Network Connection query?
Relevant documentation:
Start sending logs to the Cortex Data Lake:
View Data Lake Inventory to see if the Firewall is connected:
Data Management page: