07-20-2022 11:18 AM
I'm trying to run a search to include only events that include "Same LAN" but the search returns results that include the word "Same" OR "LAN". Is there a way to search only for results that include "Same" AND "LAN" with a space between them?
I'm trying to work around a broken malicious rogue reporting mechanism that we're working through a long term support case on. These logs are showing in the events but the rogue monitoring page doesnt seem to include Same LAN malicious rogues and lists these as a rogue with no policy rule matched.
07-21-2022 01:06 PM - edited 07-21-2022 01:08 PM
You can use the search filter in the below format, like I have done in the example screenshot, it will give you result for AND operation.
Search filter used = "Abnormal" "Termination"
In your example search filter will contain "Same" "LAN".
This filter will give you data results with space or any different word between them, as in below example.
Search filter used= "Abnormal" "Administrative"
07-21-2022 01:12 PM
Thank you for the response @vijaykuniyal but it does not allow me to get the results where I want to only return "Same LAN" with the space between these two words. I'm guessing there is some replacement "code" I need to use to include the space in the query for whatever the underlying filter software is.
For example, in all the ways I've tried, results include "Same" or "LAN" which does not help. I'm looking to return only results in which these two words are together.
07-21-2022 01:16 PM
May I know the firmware version of your SZ/vSZ, and any screenshot of the query for reference.
07-25-2022 05:51 AM
I'm running SZ v126.96.36.199.935. Please DM me and I'll get some screenshots over to you as theres a lot of private addresses and info in them.