An admin user is created on the Palo Alto Networks firewall. The role assigned to this new admin user has only Monitor permissions for the WebGUI.
When this new admin user logs in and searches through any type of logs (traffic, threat, URL filtering etc), the source and destination IPs appear as subnet addresses instead of the host IP addresses.
Resolution
This is expected behavior for permissions on monitoring (reading) logs only. If the admin user should have permission for viewing the host IP addresses, then the Privacy option in the Admin Role profile must be enabled for that user.