View Logs in Cortex Data Lake

In most cases, you can view logs stored in Cortex Data Lake locally on the product that is sending logs, or in Explore. The Explore app is free with Cortex Data Lake, and you should see it as listed on the Cortex hub as one of your apps after you’ve activated Cortex Data Lake. Explore provides an aggregated view of logs stored in Cortex Data Lake, and you can use Explore to search, filter, and export log data. This app offers you critical visibility into your enterprise's network activities by allowing you to easily examine network and endpoint log data.
Product or Service Sending Logs to Cortex Data Lake
Where to see the logs stored in Cortex Data Lake
Palo Alto Networks Firewalls (not managed by Panorama)
  • Use Explore to search, filter, and export firewall logs stored in Cortex Data Lake.
Panorama-Managed Firewalls
  • Use Explore to search, filter, and export firewall logs stored in Cortex Data Lake.
  • Use Panorama to view logs stored in Cortex Data Lake. The Panorama ACC and reports give you an aggregated view into your remote network traffic.
GlobalProtect cloud service
  • Use Explore to search, filter, and export firewall logs stored in Cortex Data Lake.
  • Use Panorama to view GlobalProtect cloud service logs stored in Cortex Data Lake. The Panorama ACC and reports give you an aggregated view into your remote network and mobile user traffic.
Traps management service
Cortex XDR—Analytics
  • Cortex XDR™—Analytics alerts are automatically written to Cortex Data Lake as log records. Log in to Cortex XDR—Analytics to view these alerts (they are not visible in Explore).

Related Documentation