Panorama Query Builder

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama Query Builder

L3 Networker

Hello,

 

We are an organization with thousends of users. Our user names have prefixes stranding for their departement or unit, for example tic_username for IT, mkt_username for marketing and so on.

 

I would like to generate custom report using Panorama Query builder but I'm unable to achieve this.

 

I have tried to use source user filters ("source user in" and "source user equal"). I have tried with our without domain name, with or without wildcard, but it always return no result.

 

How to properly use the query builder ?


Regards,

 

Laurent

2 REPLIES 2

Cyber Elite
Cyber Elite

Hi Laurent

 

have you tried (user.src in 'tic_'), for example, no wildcards

 

It would be helpful if you included how you formatted your queries exactly

 

 

Searching through logs, where do I start?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi reaper,

 

Yes I have tried this without success.

 

I have already tried following queries :

 

(user.src in 'prefix_')

(user.src in 'domain\prefix_')

(user.src in 'prefix_*')

(user.src in 'domain\prefix_*')

(srcuser eq prefix_)

(srcuser eq domain\prefix_)

(srcuser eq prefix_*)

(srcuser eq domain\prefix_*)

 

  • 2125 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!