https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262313#M61264 <P>I think I got it...see below. Its a bit odd, since that field is NOT listed in log search options in smart console.</P> <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Viewing-Rule-Logs.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Viewing-Rule-Logs.htm</A></P> <P>layer_uuid_rule_uuid:(*_b4df506d-1437-4248-958a-7c6f80dd91a3)</P> <P>&nbsp;</P> Mon, 10 Nov 2025 12:18:59 GMT the_rock 2025-11-10T12:18:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262305#M61260 <P>Hi all,</P><P>I've been building a script that uses Management API to gather some information regarding logs.</P><P>I was trying to use the filter rule_uid, to just see logs regarding one specific rule, but no matter what uid I use, I never get results. I can just search for the UID of the rule with no key information, and it looks like only logs from that rule appear, however I would feel more confident if I could use a key:value filter to guarantee that I only get the logs I require (I attached photos of the filter results in the post).</P><P><BR />I know about the rule:&lt;number of rule&gt; filter, but I have multiple policies, so multiple rules number 1, 2, 3 etc... I could match that with the origin or something like that, but my life would be a lot easier if the filter rule_uid just worked.</P><P>Am I using the filter correctly? Anyone else knows of a key:value filter that would give me all logs of a specific rule, and that doesn't rely on repeatable values, like rule number or rule name?</P><P>Regards,</P><P>Rafael Santiago</P> Mon, 10 Nov 2025 11:29:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262305#M61260 RafaelSantiago 2025-11-10T11:29:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262308#M61261 <P>Im fairly sure it only works with UID itself, not rule_uid: flag, but I could be mistaken. Let me play around with it in the lab and will update you.</P> Mon, 10 Nov 2025 11:39:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262308#M61261 the_rock 2025-11-10T11:39:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262310#M61263 <P>You might be right. It is weird that we would have a rule_uid filter that doesn´t work though, even though it is hidden under the Other fields option. Perhaps a leftover from previous versions.<BR /><BR />Either way thank you for testing.&nbsp;</P><P>Regards,</P><P>Rafael Santiago</P> Mon, 10 Nov 2025 11:50:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262310#M61263 RafaelSantiago 2025-11-10T11:50:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262313#M61264 <P>I think I got it...see below. Its a bit odd, since that field is NOT listed in log search options in smart console.</P> <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Viewing-Rule-Logs.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Viewing-Rule-Logs.htm</A></P> <P>layer_uuid_rule_uuid:(*_b4df506d-1437-4248-958a-7c6f80dd91a3)</P> <P>&nbsp;</P> Mon, 10 Nov 2025 12:18:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262313#M61264 the_rock 2025-11-10T12:18:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262342#M61266 <P>of course mate! We all work as a team to find the solution, happy we can help.</P> Mon, 10 Nov 2025 14:36:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262342#M61266 the_rock 2025-11-10T14:36:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262343#M61267 <P>Perfect, it also works on my end.</P><P>The filter they show doesn't work but this hidden filter does<SPAN>&nbsp;<span class="lia-unicode-emoji" title=":grinning_face_with_sweat:">😅</span></SPAN>.<BR /><BR /></P><P>Thanks for the help!</P><P>Regards,</P><P>Rafael Santiago</P> Mon, 10 Nov 2025 14:36:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262343#M61267 RafaelSantiago 2025-11-10T14:36:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262345#M61268 <P>If you want me to test anything else in the lab, please let me know. I have really good R82 lab that manages both R82 and R81.20 clusters, as well as dedicated R82 smart event server, so its super convenient for any testing.</P> Mon, 10 Nov 2025 14:46:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Using-rule-uid-filter-in-log-search/m-p/262345#M61268 the_rock 2025-11-10T14:46:41Z