I'd like to post this query before I move to support, maybe I'm doing/assuming something wrong here.
So a very simple log filter query "domain"
Searching shows a lot of information...
Now let's use "domain-udp"
comparing domain with domain-udp, domain-udp is, to me, more specific than just domain, right? ...Wrong?
I would say, this is a typical WTF?! question, but as I said above, maybe I'm doing/assuming something wrong with this search filter.
I narrowed down the time to get the highlighted dropped domain-udp sessions from the previous search.
The only difference I notice is the log type: the geo drops are marked as "log" were as for the matched rules are type: connection, but still we have a drop in the middle that hits the clean-up rule 180.
Can anyone explain to me, or is this really a support issue?