Retrieving Logs

Use the Explore tab to retrieve log records stored in your Cortex Data Lake by providing the log type and time range. The Explore tab supports retrieval of all Firewall (PAN-OS) and Common logs.
Once you have retrieved the log records that you want, you can export them to a compressed GZ file, download the file to your local drive, and extract the comma-separated (CSV) file that it contains.
You can retrieve up to 65,536 log records at a time.
For details on the exact log types you can retrieve, and for a definition of each of their log fields, see the Explore Schema Reference guide.
To retrieve log records, you use the user interface to identify the following:
  • The log record type that you want to retrieve.
  • A time range over which you want to perform the retrieval.
  • (optional) A query which identifies the data that should or should not be present in the log records. If you do not provide a query string, the search will return every log record of the type you specify that was created during the time range that you provide, up to 65,536 records.
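The steps above end with a compressed GZ export containing a CSV file. The following added example (not part of this guide and not a Palo Alto Networks tool) shows how a practitioner might process such an export offline: decompress it, parse the CSV, check whether the row count hit the documented 65,536-record cap (a sign that the time range or query matched more records than one retrieval returns), and, in that case, plan narrower time windows to retrieve again. The sample export and its column names (`receive_time`, `log_type`, `src_ip`, `dst_ip`, `action`) are constructed for the example; the actual field names for each log type are defined in the Explore Schema Reference.

```python
import csv
import gzip
import io
from datetime import datetime
from typing import Dict, List, Tuple

# Documented per-retrieval cap for the Explore tab.
EXPLORE_MAX_RECORDS = 65536


def make_sample_export() -> bytes:
    """Build a constructed GZ export with hypothetical column names.

    Real field names for each log type come from the Explore Schema
    Reference; these rows exist only so the example runs offline.
    """
    csv_text = (
        "receive_time,log_type,src_ip,dst_ip,action\n"
        "2023-01-01 00:00:01,traffic,10.0.0.5,192.0.2.10,allow\n"
        "2023-01-01 00:00:02,traffic,10.0.0.6,192.0.2.11,deny\n"
        "2023-01-01 00:00:03,threat,10.0.0.7,192.0.2.12,alert\n"
    )
    return gzip.compress(csv_text.encode("utf-8"))


def read_export(gz_bytes: bytes) -> List[Dict[str, str]]:
    """Decompress a GZ export and parse the CSV it contains into dict rows."""
    with gzip.open(io.BytesIO(gz_bytes), mode="rt", encoding="utf-8", newline="") as fh:
        return list(csv.DictReader(fh))


def may_be_truncated(row_count: int) -> bool:
    """True when a retrieval returned the maximum number of records.

    A result that exactly fills the cap may have dropped later records,
    so the caller should narrow the time range or the query and retry.
    """
    return row_count >= EXPLORE_MAX_RECORDS


def plan_retrievals(start_iso: str, end_iso: str, parts: int) -> List[Tuple[str, str]]:
    """Split a time range into equal consecutive windows to retrieve separately.

    Returns (start, end) pairs as ISO strings so they can be entered as the
    time range of successive retrievals; each window ends where the next begins.
    """
    start = datetime.fromisoformat(start_iso)
    end = datetime.fromisoformat(end_iso)
    if parts < 1 or end <= start:
        raise ValueError("need parts >= 1 and end after start")
    step = (end - start) / parts
    windows = []
    for i in range(parts):
        win_start = start + step * i
        win_end = end if i == parts - 1 else start + step * (i + 1)
        windows.append((win_start.isoformat(sep=" "), win_end.isoformat(sep=" ")))
    return windows


def count_by(rows: List[Dict[str, str]], field: str) -> Dict[str, int]:
    """Tally rows by one CSV column, e.g. to summarise actions seen."""
    counts: Dict[str, int] = {}
    for row in rows:
        counts[row[field]] = counts.get(row[field], 0) + 1
    return counts


if __name__ == "__main__":
    rows = read_export(make_sample_export())
    print(f"{len(rows)} records; by action: {count_by(rows, 'action')}")
    if may_be_truncated(len(rows)):
        print("hit the 65,536-record cap; retrieve these windows instead:")
        for win in plan_retrievals("2023-01-01 00:00:00", "2023-01-01 04:00:00", 4):
            print("  ", win)
```

The truncation check is the part worth keeping: an export that contains exactly 65,536 rows should be treated as possibly incomplete rather than as the full result for that time range.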