HI all,
may i know how i want to filter all panw.panos.threat.id in KQL?
Can you elaborate on what exactly you are trying to achieve? If you want to filter out all document which have a threat id, you can use this: NOT panw.panos.threat.id:*
I have try using NOT panw.panos.threat.id:* but its not appear all threat id. However, its appear other than threat id.. So, i change the KQL to panw.panos.threat.id:* and its working..
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.