Delay in Panorama Log query when CDL is configured

Created On 01/11/23 15:07 PM - Last Modified 11/11/24 23:30 PM


Symptom


  • Log queries run under a specific device group are slow when CDL is configured and the time filter is set to All.
  • The search takes a long time, which delays retrieval of the logs.


Environment


  • Panorama appliances.
  • Cortex Data Lake license.
  • All PAN-OS versions.


Cause


By design, Panorama sends the query to the log collectors and CDL simultaneously, and it does not show results until all queries have completed.
 


Resolution


Reduce the time filter from the interval drop-down to 7 days or less.

Additional Information


To check the queries and their response times, use:

> show query jobs

