Cortex Data Lake - Looking for a sting of data in the Description field

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex Data Lake - Looking for a sting of data in the Description field

L1 Bithead

I am trying to do a search in CDL which will show me when a user disables their Global Protect agent on their end point.  I am able to perform this search in Panorama using the search "(opaque contains 'Agent Disable')" under GlobalProtect logs.  I am not able to replicate this in CDL

 

I can see the log in CDL looking in Firewall/GlobalProtect logs but I am unable to find a way to search for the string "Agent Disable" in the Description field.

John_J_0-1704997750305.png

Does anyone know how to search for a specific string in CDL?

 

Thanks!

1 accepted solution

Accepted Solutions

L1 Bithead

Figured it out:

Description LIKE "%Agent Disable%"

 

Need a % at both the start and the end of the string you are searching for.

View solution in original post

1 REPLY 1

L1 Bithead

Figured it out:

Description LIKE "%Agent Disable%"

 

Need a % at both the start and the end of the string you are searching for.

  • 1 accepted solution
  • 1986 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!