Error "Invalid term ( name-of-threatid eq )"

Created On 04/01/25 00:04 AM - Last Modified 11/17/25 20:52 PM


Symptom


When filtering threat logs using name-of-threatid as the search criterion, the error message Invalid term ( name-of-threatid eq <Threat Name> ) is displayed, and the following error log is found:

reported.log 

Error: pan_log_query_parse_single_expr(pan_log_query.c:13036): Error getting the subexpr for override for the 1st round, try AOAG expansion
Error: pan_config_parse(pan_log_query.y:116): unable to parse single expr: name-of-threatid eq IRT-Cortex-xSOAR-Block_Domain_DenyList
Error: pan_log_query_parse_nolock(pan_log_query.c:13554): Invalid term ( name-of-threatid eq IRT-Cortex-xSOAR-Block_Domain_DenyList )
Error: pan_log_query_parse_nolock(pan_log_query.c:13555): query: ((((receive_time leq now) and ((subtype eq attack) or (subtype eq virus) or (subtype eq spyware) or (subtype eq vulnerability) or (subtype eq flood) or (subtype eq packet) or (subtype eq resource) or (subtype eq scan) or (subtype eq wildfire-virus) or (subtype eq ml-virus)))) and ((( name-of-threatid eq IRT-Cortex-xSOAR-Block_Domain_DenyList )) AND ( receive_time in last-60-days)))
Error: pan_log_query_parse_ufq_req(pan_log_handler.c:4958): NUFQ(pan_log_query_parse_ufq_req): invalid effective query is: [((((receive_time leq now) and ((subtype eq attack) or (subtype eq virus) or (subtype eq spyware) or (subtype eq vulnerability) or (subtype eq flood) or (subtype eq packet) or (subtype eq resource) or (subtype eq scan) or (subtype eq wildfire-virus) or (subtype eq ml-virus)))) and ((( name-of-threatid eq IRT-Cortex-xSOAR-Block_Domain_DenyList )) AND ( receive_time in last-60-days)))
Error: reportd_log_query_handle(query.c:197): Error parsing query request in:reportd
Error: reportd_handle_xml_req(req.c:2147): Error handling log-request in:reportd


Environment


  • Panorama
  • PAN-OS 11.1.10 and earlier

 



Cause


PAN-276276



Resolution


PAN-276276
Fixed in PAN-OS 12.1.2, 12.2.0, 11.1.11, and 10.2.17.


Workaround: Use the "threat_name" attribute in place of "name-of-threatid" when filtering threat logs.
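To see which threat filters are hitting this error and what the workaround filter looks like for each, the log can be scanned for the rejected terms. The following Python script is an added example, not part of the original article or of PAN-OS; its function names are hypothetical, and the sample lines are taken from the log excerpt above except for the one marked as constructed.

```python
import re

AFFECTED_ATTR = "name-of-threatid"
WORKAROUND_ATTR = "threat_name"

# Matches the "Invalid term ( <attr> <op> <value> )" message shown in the Symptom section.
INVALID_TERM = re.compile(
    r"Invalid term \(\s*(?P<attr>[\w-]+)\s+(?P<op>\S+)\s+(?P<value>.+?)\s*\)\s*$"
)
# Matches the attribute only at the start of a term: after "(" or at the start of the string.
TERM_ATTR = re.compile(r"(^\s*|\(\s*)" + re.escape(AFFECTED_ATTR) + r"(?=\s+\S)")

SAMPLE_LOG = [
    "Error: pan_config_parse(pan_log_query.y:116): unable to parse single expr: "
    "name-of-threatid eq IRT-Cortex-xSOAR-Block_Domain_DenyList",
    "Error: pan_log_query_parse_nolock(pan_log_query.c:13554): "
    "Invalid term ( name-of-threatid eq IRT-Cortex-xSOAR-Block_Domain_DenyList )",
    # Same filter retried: should be reported once.
    "Error: pan_log_query_parse_nolock(pan_log_query.c:13554): "
    "Invalid term ( name-of-threatid eq IRT-Cortex-xSOAR-Block_Domain_DenyList )",
    # Constructed line with a placeholder threat name.
    "Error: pan_log_query_parse_nolock(pan_log_query.c:13554): "
    "Invalid term ( name-of-threatid eq EXAMPLE-Threat-Name )",
    "Error: reportd_log_query_handle(query.c:197): Error parsing query request in:reportd",
]

def find_affected_terms(lines):
    """Return unique (operator, value) pairs from rejected name-of-threatid terms."""
    seen = []
    for line in lines:
        m = INVALID_TERM.search(line)
        if m and m.group("attr") == AFFECTED_ATTR:
            key = (m.group("op"), m.group("value"))
            if key not in seen:
                seen.append(key)
    return seen

def rewrite_filter(expr):
    """Apply the workaround: swap the attribute name, keep operator and value."""
    return TERM_ATTR.sub(lambda m: m.group(1) + WORKAROUND_ATTR, expr)

def suggest_workarounds(lines):
    """Return one workaround filter term for each distinct rejected term."""
    return [f"( {WORKAROUND_ATTR} {op} {value} )"
            for op, value in find_affected_terms(lines)]

if __name__ == "__main__":
    for term in suggest_workarounds(SAMPLE_LOG):
        print(term)
```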


