Using wildcards in a query on the traffic log and in custom reports


I was wondering if wildcards are supported on the reporting interface of the Panorama?

Actually I would like to run a very specific query on the traffic log. In the normal traffic log we see all the traffic of all our users.

I would like to report on the traffic patterns based on a certain kind of domain users. Therefore I need to be able to single them out.

IP addresses or IP ranges are not a working scenario. So I was wondering if I could use wildcards in any kind of reports and query on Panorama.

We are running PANOS-3.1.6.



Hi There,

You can use subnets - (addr in

Or you can search on AD Domain Groups: (user in 'impressive\domain users')




Thanks for your answer.

The AD domain group is not working for us (although it could have been a solution).

We have different types of users in one and the same AD-group, and I want to isolate a particular group of users in that domain group.

Let me give you an example:

In AD Domain Group 'impressive\domain users' we have three types of users with a predefined format for their user-IDs:



















The user-IDs which start with ZD have more digits than the user-IDs with "AB" and "TR". Our AD organisation is historical and making changes to the AD for reporting reasons is not feasible.

I would be interested to see if there is a significant difference in behaviour for the three groups. So I would like to make one report for each user group:

'impressive\domain users\AB* (where * would be a wildcard disregarding the number of digits of characters)

'impressive\domain users\TR* (where * would be a wildcard disregarding the number of digits of characters)

'impressive\domain users\ZD* (where * would be a wildcard disregarding the number of digits of characters)


'impressive\domain users\AB?????? (where ? would be a wildcard for one character)

'impressive\domain users\TR?????? (where ? would be a wildcard for one character)

'impressive\domain users\ZD??????? (where ? would be a wildcard for one character)

I'm not sure it's doable, taking into account that we have 10.000+ users going through our device and that we currently have 700Gb of logging data on the Panorama-server.

Wildcards would be the most flexible and easiest solution. We also do not correlate group data with users in Panorama. We have a lot of groups and users and the PA-agent takes a lot of time to read the group memberships.

Hi There,

You may need to contact your local sales team to file a feature request.

Many Thanks


You could experiment with adding monitoring-specific groups on your AD and using these in the filters ...

e.g.: add group monitoringAB monitoringTR and monitoringZD, add the users in there and then filter for impressive\monitoringAB



Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization


I know this thread is pretty old, but is there a solution yet? An AD group is no solution, it is a workaround for a specific use case, which will not work in my case.

Regex is/should be a pretty good standard for filtering stuff.

Best Regards


Hi @Dat_Phil 

No, not yet. In PAN-OS/Panorama you only have the existing filter possibilities but not wildcard or regex. If you really need that, unfortunately there is no other way than using a third party solution like Splunk to filter for exactly what you need.

Or you can tell us more about your specific use case - maybe someone knows a solution to it without buying additional software or using additional tools.
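As an added example that is not part of the thread or of any Palo Alto Networks tooling: one way to apply the AB/TR/ZD wildcard patterns from the question outside the firewall is to filter an exported traffic log offline. The CSV column names (`Source User`, `Application`, `Bytes`), the `domain\user` value format and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from fnmatch import fnmatchcase

# User-ID classes from the thread: '?' matches exactly one character.
GROUP_PATTERNS = {"AB": "AB??????", "TR": "TR??????", "ZD": "ZD???????"}

# Constructed sample of an exported traffic log (column names are assumptions).
SAMPLE_CSV = """\
Source User,Application,Bytes
impressive\\AB123456,web-browsing,1200
impressive\\tr654321,ssl,800
impressive\\ZD1234567,dns,90
impressive\\ZD7654321,web-browsing,4000
impressive\\AB1234567,ssl,50
,ntp,76
"""

def classify(source_user):
    """Return the group key for a 'domain\\user' value, or None if no pattern fits."""
    if not source_user:
        return None  # session with no user mapping
    # Drop the domain part; compare in upper case because AD names are case-insensitive.
    user = source_user.rsplit("\\", 1)[-1].upper()
    for group, pattern in GROUP_PATTERNS.items():
        if fnmatchcase(user, pattern):
            return group
    return None

def summarize(csv_file):
    """Tally sessions, total bytes and per-application bytes for each group."""
    report = defaultdict(lambda: {"sessions": 0, "bytes": 0, "apps": defaultdict(int)})
    for row in csv.DictReader(csv_file):
        entry = report[classify(row["Source User"]) or "unmatched"]
        entry["sessions"] += 1
        entry["bytes"] += int(row["Bytes"])
        entry["apps"][row["Application"]] += int(row["Bytes"])
    return report

if __name__ == "__main__":
    for group, entry in sorted(summarize(io.StringIO(SAMPLE_CSV)).items()):
        print(group, entry["sessions"], entry["bytes"], dict(entry["apps"]))
```

Rows that fit no pattern, including sessions with an empty user field, are counted under `unmatched` so that unattributed traffic stays visible in the comparison.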
