from Palo Alto -> URL Filtering log I had exported data on a csv file then I had imported on new Storage on Vantage Ultimate v.22.214.171.124
Before build a report, I take a look with Summaries Ad-Hoc analysis.
Inside the analysis, in the CATEGORY, together with good categories of Palo Alto, I see MANY More wrong categories.
For example category with name: "11243901" or "inQuirkMode:"False}(9999)"
I went in deep on log file an this values come from other field of the csv file (ex: seqno)
I guess this means the import process try some bad charter on the log file and fail to import the correct field on the correct place.
For example, the bad category value 11243901 appear only the following csv row:
1,2017/01/03 10:14:26,002201001619,THREAT,url,1,2017/01/03 10:14:26,126.96.36.199,188.8.131.52,184.108.40.206,220.127.116.11,MyRule,mydomain\pippo.foo,,google-base,vsys1,LAN,UNTRUST,ae0,ae2,,2017/01/03 10:14:26,34041549,1,52109,80,21051,80,0x400000,tcp,alert,fonts.gstatic.com/s/oswald/v11/HqHm7BVC_nzzTui2lzQTDVtXRa8TVwTICgirnJhmVJw.woff2,(9999),computer-and-internet-info,informational,client-to-server,11243901,0x0,18.104.22.168-22.214.171.124,US,0,font/woff2,0,,,1,Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36,,,http://fonts.googleapis.com/css?family=Oswald:400,700,300,,,,0,0,0,0,0,,PALOALTO,
What went wrong ?
Do you have a workaround ?
Not export log files from WebGUI but export log files from Palo Alto CLI.
This trick give some advantages:
1) the problematic fields are delimitated by double quotas
2) you do not have the 65,535 row limit
An example of the command is:
scp export url start-time log equal 2017/01/04 @ 09: 00: 00 end-time equal 2017/01/04 @ 18: 00: 00 to email@example.com: /tmp/filone9-18.csv
After That, When you import the file on Vantage you do not have any problem.