There have been a lot of questions about cases with lookups, but I did not find my answer among them.
There is a table in Lookup: fgt_policy.
Column1 is the policy number (field cfgobj in the logs) and column2 is the policy name.
The essence of the search query is that as soon as a policy is changed on the firewall, an alert is triggered. There is no policy name in the firewall logs themselves, only a field with a number, so I created a table into which I transferred all the names of our policies. Also, if a new code appears in the policy field (cfgobj), add it to the table fgt_policy. But in the current result, output only known event codes (cfgobj) with the name of the policy.
The field in the firewall log with the policy event code is cfgobj.
So far it looks like this. The result also includes those codes for which there is no description in column2 yet.
I will add the name of the policy to the table by hand when new codes appear in the field cfgobj.