Filtering URL names from Palo Alto logs

Hello,

I work as an incident response analyst and one of our often-used resources is the web proxy logs from our Palo Alto boxes.

We often receive incident tickets involving clients visiting "www.badsite.com/bad/virus.pdf" or something along those lines.

We need to be able to search events in the URL filtering log using a URL string.

Unfortunately, URLs aren't available as a filter and I cannot figure out how to index them in the "Custom Types" menu.

Can anyone help? Will I need to create a custom rule so that we can index specific URLs?

Thanks,

Matt