Dashboard

The Cortex Data Lake dashboard contains widgets that help you monitor log storage and ingestion.
The Dashboard gives you the latest status of your Cortex Data Lake instance. It displays several widgets that report on various metrics that you can use to assess the health of the instance.
Widget
Description
Storage
Shows the total amount of storage that you have purchased for your Cortex Data Lake tenant and how much you have used.
Cortex Data Lake retrieves this information in real time, so it might differ from the information shown in the Storage Status/Configuration, which updates at a different interval.
Connection Status
Displays the number of firewalls associated with your Cortex Data Lake tenant and identifies them with each of the following statuses:
  • Connected—The firewall has an active channel through which it is sending session logs to Cortex Data Lake.
  • Partially Connected—The firewall does not have an active channel through which it is sending session logs to Cortex Data Lake. However, it is sending Enhanced Application logs on a session-less channel.
  • Disconnected—The firewall does not have an active channel through which to send session logs to Cortex Data Lake, and it is not sending Enhanced Application logs.
  • Need Certificate—The firewall does not have the certificate to connect to Cortex Data Lake.
Click on any of these statuses to view the relevant firewalls on the Inventory page.
Below the connection statuses, you can see whether a Panorama is associated with your Cortex Data Lake instance.
You can also see how many firewalls in your customer support account are available for onboarding. Clicking the text launches firewall onboarding.
Latency
Displays the latency both for ingestion and log forwarding.
Ingestion latency is the time between when a log is generated on the firewall or Prisma Access and when it becomes available in Cortex Data Lake for querying.
Log Forwarding latency is the time between when the log is generated on the firewall or Prisma Access and when it becomes available in Cortex Data Lake for log forwarding.
The value presented here is the P50, which means that Cortex Data Lake receives 50% of the logs with a latency lower than this value.
This widget presents the real-time data for all logs received by Cortex Data Lake in the last five minutes. This widget also provides a comparison of the real-time latency with the average of the past 24 hours.
Service Availability
Provides the availability of the ingestion and log forwarding components within Cortex Data Lake. This widget shows real-time availability as well as hourly availability over the last 24 hours. The components can have the following states:
  • Available: The ingestion or log forwarding components are working normally.
  • Impacted: The ingestion or log forwarding components are in a degraded state that is causing a processing delay for ingestion and log forwarding. You will not lose logs, but you might see a delay in log availability for querying and log forwarding.
  • Unavailable: The ingestion or log forwarding components are down and causing log loss.
Log Forwarding Status
Provides the status of the different log forwarding profiles that you have configured to stream logs from Cortex Data Lake to external sources like syslog servers or SIEMs. A log forwarding profile can have the following states:
  • Running: The log forwarding profile is sending logs to the destination defined in the profile.
  • Failed: The log forwarding profile is not sending logs to the destination.
  • Pending: Cortex Data Lake is setting up your log forwarding profile. This is a temporary state when you create or modify a profile.
Incoming Log Rate
Provides a graph of the logs that Cortex Data Lake is ingesting. The graph shows the current (average over the last 5 minutes) incoming log rate for the tenant, how that rate varies from the average over time, and the trend of the log rate over time.
You can choose a time period of 24 hours, 7 days, or 30 days.
If you have enabled enhanced application logging on any firewalls or Prisma Access, the incoming log rate will include that as well.
Forwarding Log Rate
Provides a graph of the logs that Cortex Data Lake is forwarding to an external solution. The graph shows the current (average over the last 5 minutes) forwarding log rate for the tenant, how that rate varies from the average over time, and the trend of the log rate over time.
You can choose a time period of 24 hours, 7 days, or 30 days.
Incoming Log Table
Displays the logs that Cortex Data Lake is receiving from connected devices, organized by log type. You can Search for specific information in the table as well as select a time range of Last 24 Hours, Last 7 Days, or Last 30 Days.
  • Actual Retention—The number of days that Cortex Data Lake has stored the logs.
  • Target Retention—The number of days that you have set for Cortex Data Lake to store logs. Logs older than this value are deleted.
  • Avg Incoming Log Rate—The average rate at which your devices are sending logs to Cortex Data Lake.
  • Storage Used—The amount of storage used out of the storage you have allocated for the log type.
Forwarding Log Table
Displays the logs that Cortex Data Lake is forwarding to external destinations, organized by destination.
  • Profile Type—The type of log forwarding profile that is forwarding logs to the destination.
  • Profile Name—The name of the log forwarding profile that is forwarding logs to the destination.
  • Log Types Forwarded—The types of logs that Cortex Data Lake is forwarding to the destination.
  • Average Forwarding Rate—The average rate at which Cortex Data Lake is forwarding logs to the destination.
  • Forwarding Log Count—The number of logs that Cortex Data Lake is forwarding to the destination.
  • Dropped Log Count—The number of logs that did not arrive at the destination.
  • Forwarding Log Size—The size of the logs that Cortex Data Lake is forwarding to the destination.
