Traffic vs Threat Logs
I am searching for the reasons behind the relatively large disparity between traffic logs and threat logs for specified traffic searches in splunk. Redirected sessions cant be a contributed factor when the firewall is set to "log container page only"




