Unable to filter ACC by Source or Destination IP Address. Global Filter returns "No data to display" on graphs

Unable to filter ACC by Source or Destination IP Address. Global Filter returns "No data to display" on graphs

3819
Created On 04/27/23 23:19 PM - Last Modified 10/26/23 04:04 AM


Symptom


  • After upgrading firewall to 10.2.3, No data is displayed on filtering ACC reports with source/destination IP.
  • In below snapshot, On filtering with SRC IP it results in "No Data Displayed"
  • GUI: ACC > Global Filter > Address 

  • Reportd.log (less mp-log reportd.log) displays error "BDX index search returns NULL rowset, no match found !"
PaloAlto@admin> less mp-log reportd.log
debug: pan_logdb_indexerv2_query_recursive(pan_logdb.c:5914): ** AND [src,192.168.55.10,3]: from 0 to 0 ... (bitfield 0, is_hash 0) >>>>> Src IP Filter
debug: pan_logdb_indexerv2_get_rowset_by_logfile(pan_logdb_indexer_v2.c:4419): ** use BDX as index
2022-11-17 23:57:21.735 -0800 debug: _bdx_get_rowset_by_logfile(pan_logdb_indexer_v2.c:4207): ** Open BDX index file: /opt/pancfg/mgmt/logdb/trsum/1/20221118/pan.000000000000.log.src.bdx
debug: _bdx_get_rowset(pan_logdb_indexer_v2.c:3778): ** BDX index search returns NULL rowset, no match found !
 
 

Environment

Cause


The fields for IP address are in IPv6 format.

Resolution


  1. The issue is fixed under PAN-208090 in PAN-OS 10.2.5, 10.1.11, 11.0.3.
  2. Upgrade of the PAN-OS fixes the issue.

Workaround:

For a Specific user, one can get the ACC reports by setting the filter as  IPV6 address. Use IPv4 to IPv6 converter here

Additional Information


Refer also: Release Guidance
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g1ZZCAY&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail