Possible Values for event_types

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Possible Values for event_types

L1 Bithead

Hello Community, 

 

I am trying to understand Palo Alto XDR logs fetched using API(XQL Query). 

I am using dataset as xdr_data, want to know what all event_types can come under this dataset. 

For ex: EVENT_LOG. 

What are the possible values we can get in the field event_type when using dataset=xdr_data.

 

I want to use event_type in the filter of XQL query, that is why I want to know the possible values. 

 

Any help would appreciate. 

Thank you. 

2 REPLIES 2

L4 Transporter

Hi @sushant1601 

 

You may refer to XQL schema reference guide to know the fields of xdr_data dataset along with their description here. Additionally when you create XQl query you get values like Autofill to select for that field, so either you may select from that or when write it will show the available value. As shared in below screenshot for reference:

PiyushKohli_0-1685525182383.png

PiyushKohli_1-1685527292923.png

 

Hope this helps!

Thanks

Thank you for your response. This does help me in understanding the schema, however the value I am using in event_type in XQL query does not match with the possible values provided in schema. 

"query": "dataset=xdr_data | filter event_type = EVENT_LOG"
 

Also, I am using postman to query API, autofill values I don't get. 

 

Thank you. 

  • 1386 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!