PAN-OS 7.1 change to query interpretation


L4 Transporter

I have a report which has been working fine for ages, then it just stopped, possibly when we upgraded from 6.1.14 to 7.1.6.

The report has just stopped returning any data, so I looked into the query string and found that one element of the query seems to be causing the problem.

 

The original query was:

((filename contains DVD) or (filename contains dvd) or (filename contains 1080p)) and not (filename contains .swf) and (user.dst neq '')

 

But it works if I take the dot off the swf file extension so this works:

((filename contains DVD) or (filename contains dvd) or (filename contains 1080p)) and not (filename contains swf) and (user.dst neq '')

 

So that means that between v6.1 and 7.1 the dot has become significant.  I tried a couple of ways to "escape" it, but neither worked, so is there a way to allow a dot in the query string?


Cyber Elite

The filetype has dropped the '.' on the name. So you'll see 'pdf' in the logs instead of '.pdf' 

L4 Transporter

I dropped the dot in the filetype to make the report work again - that's what I am posting about.  If you include the dot, the report finds no matches.  However it used to work fine in V6.1 with the dot included.  Without it, the query will match any filename with swf in it rather than only those with ".swf".  Still not perfect but more likely to be an extension than without the dot.

 

That's why I asked if there is a way to allow a dot in the query string now that V7.1 behaves differently.
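Editor's note: the post above says that dropping the dot widens the exclusion from ".swf" to any filename containing "swf". The following script is an added illustration, not code from the thread or from Palo Alto Networks; it re-implements the two filters in plain Python (the Record class, the sample filenames and the helper names are all constructed here) and runs them over a handful of made-up Data Filtering records so the difference is visible. It also adds a third, stricter variant that tests only the final extension, which is what a practitioner usually means by "is an swf file".

```python
"""Added example: compare the original PAN-OS report filter, the dot-less
workaround, and a strict extension check over constructed log records.
Not the thread author's code and not a Palo Alto Networks API."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """Minimal stand-in for a Data Filtering log row (constructed)."""
    filename: str
    user_dst: str


# Constructed sample records; not real log data.
SAMPLE_RECORDS = [
    Record("holiday_DVD_rip.mkv", "alice"),       # ordinary video, keep
    Record("trailer_1080p.swf", "bob"),           # Flash file, should be excluded
    Record("dvd_menu_builder.swf", ""),           # no destination user, excluded by user.dst neq ''
    Record("series_1080p.swf.exe", "carol"),      # ".swf" appears mid-name, final extension is exe
    Record("newswflash_dvd.pdf", "dave"),         # "swf" inside a word, no dot before it
    Record("1080p_tools-swf-player.zip", "erin"), # "swf" between dashes, no dot before it
]


def name_filter(filename):
    """The shared first clause:
    (filename contains DVD) or (filename contains dvd) or (filename contains 1080p)."""
    return "DVD" in filename or "dvd" in filename or "1080p" in filename


def original_query(r):
    """... and not (filename contains .swf) and (user.dst neq '')"""
    return name_filter(r.filename) and ".swf" not in r.filename and r.user_dst != ""


def workaround_query(r):
    """... and not (filename contains swf) and (user.dst neq '')"""
    return name_filter(r.filename) and "swf" not in r.filename and r.user_dst != ""


def extension_query(r):
    """Stricter variant: exclude a record only when its final extension is swf."""
    ext = r.filename.rsplit(".", 1)[-1].lower() if "." in r.filename else ""
    return name_filter(r.filename) and ext != "swf" and r.user_dst != ""


def run(query, records=SAMPLE_RECORDS):
    """Return the filenames the given filter would report."""
    return [r.filename for r in records if query(r)]


def dropped_by_workaround(records=SAMPLE_RECORDS):
    """Filenames the original query reports but the dot-less workaround silently drops."""
    return sorted(set(run(original_query, records)) - set(run(workaround_query, records)))


if __name__ == "__main__":
    for label, q in (("original", original_query), ("workaround", workaround_query),
                     ("extension", extension_query)):
        print(f"{label:>10}: {run(q)}")
    print("lost to workaround:", dropped_by_workaround())
```

Run as-is, the workaround reports only one of the three records the original query matched, so the "rather than only those with .swf" concern is real for any report that has to exclude a suffix. The strict extension variant shows the opposite edge: "contains .swf" also removes a file named `something.swf.exe`, which an extension-only check keeps.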

Just generate the report with the query (filetype eq swf) and it will include only the swf file type instead of searching for swf across the whole filename 

L4 Transporter

Except there is no filetype variable available in the query builder?

Where are you trying to generate this report and what database are you running the query against? 

L4 Transporter

It's a custom report in Panorama, using the Panorama Data Filtering log. As I said, it is querying the whole filename including the suffix; it is just that the query will no longer allow me to use the "." character in the query.

That makes sense; filetype is only available in WildFire, which is where I thought you were searching for this info. The (filename contains .swf) query works perfectly fine on a standalone PA-200 and PA-3020 that I tested it on.

Potentially this is an issue due to running it through Panorama? Can you try to run the query on just one of the devices you are trying to target and see if it works properly?

L4 Transporter

I raised it with support and they have confirmed it's a bug so it will be fixed in a future patch release.

 

Thanks
