: Dashboard
Focus
Focus

Dashboard

Table of Contents

Dashboard

The
Cortex Data Lake
dashboard contains widgets that help you monitor log storage and ingestion.
The Dashboard gives you the latest status of your
Cortex Data Lake
instance. It displays several widgets that report on various metrics that you can use to assess the health of the instance.
Widget
Description
Connection Status
Displays the number of firewalls associated with your
Cortex Data Lake
tenant and identifies them with each of the following statuses:
  • Connected
    —The firewall has an active channel through which it is sending session logs to
    Cortex Data Lake
    .
  • Partially Connected
    —The firewall does not have an active channel through which it is sending session logs to
    Cortex Data Lake
    . However, it is sending Enhanced Application logs on a session-less channel.
  • Disconnected
    —The firewall does not have an active channel through which to send sessions logs to
    Cortex Data Lake
    , and it is not sending Enhanced Application Logs.
  • Need Certificate
    —The firewall does not have the certificate to connect to
    Cortex Data Lake
Click on any of these statuses to view the relevant firewalls on the
Inventory
page.
Below the connection statuses, you can see whether a Panorama is associated with your
Cortex Data Lake
instance.
You can also see how many firewalls in your customer support account are available for onboarding. Clicking the text launches firewall onboarding.
Forwarding Log Rate
Provides a graph of the logs that
Cortex Data Lake
is forwarding to an external solution. The graph shows the current (avg over the last 5 mins) forwarding log rate for the tenant, how that rate varies from the average over time, and the trend of the log rate over time.
You can choose a time period of 24 hours, 7 days, or 30 days.
Forwarding Log Table
Displays the logs that
Cortex Data Lake
is forwarding to external destinations, organized by destination.
  • Profile Type—The type of log forwarding profile that is forwarding logs to the destination.
  • Profile Name—The name of the log forwarding profile that is forwarding logs to the destination.
  • Log Types Forwarded—The types of logs that
    Cortex Data Lake
    is forwarding to the destination.
  • Average Forwarding Rate—The average rate at which
    Cortex Data Lake
    is forwarding logs to the destination.
  • Forwarding Log Count—The number of logs that
    Cortex Data Lake
    is forwarding to the destination.
  • Retry Log Count—The number of logs that did not arrive at the destination.
  • Forwarding Log Size—The size of the logs that
    Cortex Data Lake
    is forwarding to the destination.
Incoming Log Rate
Provides a graph of the logs that
Cortex Data Lake
is ingesting. The graph shows the current (average over the last 5 minutes) incoming log rate for the tenant, how that rate varies from the average over time, and the trend of the log rate over time.
You can choose a time period of 24 hours, 7 days, or 30 days.
If you have enabled enhanced application logging on any firewalls or
Prisma Access
, the incoming log rate will include that as well.
Incoming Log Table
Displays the logs that
Cortex Data Lake
is receiving from connected devices, organized by log type. You can
Search
for specific information in the table as well as select a time range of
Last 24 Hours
,
Last 7 Days
, or
Last 30 Days
.
  • Actual Retention—The number of days that
    Cortex Data Lake
    has stored the logs.
  • Target Retention—The number of days that you have set for
    Cortex Data Lake
    to store logs. Logs older than this value are deleted.
  • Avg Incoming Log Rate—The average rate at which your devices are sending logs to
    Cortex Data Lake
    .
  • Storage Used—The amount of storage used out of the storage you have allocated for the log type.
License Information
  • Displays your license expiry date with a countdown from the current date to help you know when it’s time to renew.
  • Shows instance details such as name, tenant ID, and serial number to quickly help Customer Support identify your instance if an issue arises.
Log Forwarding Status
Provides the status of the different log forwarding profiles that you have configured to stream logs from
Cortex Data Lake
to external sources like syslog servers or SIEMs. A log forwarding profile can have the following states:
  • Running—The log forwarding profile is ready to forward logs if the destination is reachable and ready to receive logs.
  • Failed—The log forwarding profile is not sending logs to the destination.
  • Pending—
    Cortex Data Lake
    is setting up your log forwarding profile. This is a temporary state when you create or modify a profile.
Latency
Displays the latency both for ingestion and log forwarding.
Ingestion latency is the time between when a log is generated on the firewall or
Prisma Access
to when it becomes available in
Cortex Data Lake
for querying.
Log Forwarding latency is the time between when the log is generated on the firewall or
Prisma Access
to when it becomes available in
Cortex Data Lake
for log forwarding.
The value presented here is the P50, which means that
Cortex Data Lake
will receive 50% of the logs with a lower latency.
This widget presents the real-time data for all logs received by
Cortex Data Lake
in the last five minutes. This widget also provides a comparison of the real-time latency with the average of the past 24 hours.
Service Availability
Provides the availability of the ingestion and log forwarding components within
Cortex Data Lake
. This widget shows real-time availability as well as hourly availability over the last 24 hours. The components can have the following states:
  • Available: The ingestion or log forwarding components are working perfectly fine.
  • Impacted: The ingestion or log forwarding components are in a degraded state that is causing a processing delay for ingestion and log forwarding. You will not lose logs, but you might see a delay in log availability for querying and log forwarding.
  • Unavailable: The ingestion or log forwarding components are down and causing log loss.
Storage
Shows the total amount of storage that you have purchased for your
Cortex Data Lake
tenant and how much you have used.
Cortex Data Lake
retrieves this information in real-time, so it might differ from the information shown in the
Storage
Status/Configuration
, which updates at a different interval.

Recommended For You