Difference Between "in" and "eq" While Filtering for Column user.src in Traffic Logs

Created On 09/26/18 13:49 PM - Last Modified 07/19/22 23:09 PM


Resolution


Overview

This document explains the difference between the keywords "in" and "eq" when used to filter on the user column.

 

When filtering the traffic logs on the source user column under Monitor > Logs > Traffic, the "eq" keyword looks for an exact match, as shown below:

user_eq.JPG

In the example above, the filter user.src eq 'plano2003\csharma' was used, which returns only the results sourced from this user.

 

However, the "in" keyword can be used to search for all the users that are part of a group, shown as follows:

user_in.jpg

In the example above, the filter user.src in 'cn=sslvpn,cn=users,dc=plano2003,dc=com' was used, which returns all the traffic sourced from users that are part of that group.

 

owner: csharma


