HI, As PA document, https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/escape-sequences.html, To maintain backward compatibility, the Misc field in threat log is always enclosed in double-quotes. Any field that contains a comma or a double-quote will be enclosed in double quotes. Furthermore, a double-quote appearing inside a field will be escaped by preceding it with another double-quote. The Misc field in threat log will always be enclosed in double-quotes to maintain backward compatibility. Is there any way to remove the double quotes for request=$misc for the CEF? Can the double quotes can be removed with this Escaping option?
... View more