This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Scheduled Log Export based on custom queries

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Scheduled Log Export based on custom queries

anishuthuman
L0 Member

‎02-27-2022 10:11 PM

Is there any option to schedule custom traffic reports based on custom queries and to get it exported automatically .?

Currently, we are exporting the traffic logs manually from  Monitor > Logs >Traffic and pasting the queries ( some of the sample queries is mentioned below) in the search bar (apply filter) and export as csv file .  

We have many queries like below to export ..Kindly provide any option for scheduled export ..

 

example of some custom query is given below :

(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.123.12 ) or ( addr.dst in 172.22.123.12 ))

(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and ( addr.dst in 172.22.114.10 )

(receive_time geq '2022/01/12') and (receive_time leq '2022/01/13') and (( natdst eq 172.22.113.19 ) or ( addr.dst in 172.22.113.19 ))

0 Likes Likes
1 REPLY 1

kiwi
Community Team Member

‎02-28-2022 01:53 AM

Hi @anishuthuman ,

 

You can create a custom report (Monitor > Manage Custom Reports) and add your filters or create new ones using the 'query builder':

 

kiwi_0-1646041467142.png

 

Once created, you can add it to a report group (Monitor > PDF Reports > Report Group) and add the report group to an Email Scheduler (Monitor > PDF Reports > Email Scheduler).

 

Or if you don't want to create an email scheduler for it you can, once it's created and ran for a first time check it under 'Monitor > Reports'

 

Config Custom Reports 

 

Hope this helps,

-Kiwi.

 

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes
  • 1334 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks