Using a different index
I have a multi-tenant type environment where some of the tenants use Palo Alto Firewalls, and others use Cisco. For access control purposes each entity has it's own index on Splunk. How can I configure...
View ArticlePalo Alto App no_appending_timestamp problem
In my inputs.conf file, if I have "no_appending_timestamp = true" as shown in the documentation, no graphs are created. The data is parsed fine, just no graphs. When I go to say, the System Dashboard...
View Articletsidxstats for pan_traffic very large
On the search head: du -sh /opt/splunk/var/lib/splunk/tsidxstats/pan_traffic/ 183G /opt/splunk/var/lib/splunk/tsidxstats/pan_traffic/Any ideas on how to keep this in check?
View ArticleContent Dashboard and Data Filtering Dashboard not working
I am running Splunk 6.0.2 and the 4.1 PAN Splunk App. All is working fine except the two mentioned dashboard remain empty. How can I troubleshoot ?Thanks Roland
View ArticleMultitenancy
We are feeding logs from many PAN Firewalls into the PAN Splunk App. Now is there a feature to assign a Admin Role only to a certain set of Firewalls by Serial Number or Host IP ? So this role can only...
View ArticleSchedule PDF Delivery Not getting enabled for Palo-Alto App
Hi All,I have installed the Splunk For Palo-Alto Networks App in Splunk 5.XThe events are coming in and the dahsboards are populated fine.When i click on Actions --> I see the scheduled PDF Delivery...
View ArticleContent dashboard not showing results, URL Filter dash working fine
Hi there,I can't seem to get the Content dashboard to display any data, the URL Filter dashboard is working fine, i'm exporting everything i can in the log forwarding.Any ideas?thankswarren
View ArticleSearches and Reports
Using the Palo Alto Networks app within Splunk and looking at pre-canned reports ('Top Sites', 'Top Users', etc..) the statistics tab shows data, however the Event tab always shows No Results found...
View ArticleData Latency with Palo Alto Network Logs
I have noticed that my data is indexing correctly but seems to be getting indexed more slowly than before. I have not upgraded and have used SoS to check the indexing performance.It looks like the...
View ArticlePalo Alto "Could not find macro" Error
I'm using Splunk v 6.0 and Splunk For Palo Alto v 4.1.When I go to the Threat Dashboard and click on a bar in the Threats By Risk Value graph, the following search returns an empty result set, even...
View ArticleSplunk for Palo Alto data collection
Hello,I forwarded my palo alto logs to my splunk server. I can see all logs on the splunk server, but no in the palo alto APP. How much time the Splunk Palo Alto APP will display the results ? Because...
View ArticleHow to manage DataModel acceleration storage (tstatsHomePath) ?
Is there a way to manage the storage limits on the tstatsHomePath for an index that is using Data Model acceleration ?I've installed the latest version of the Splunk for PaloAlto Networks that uses...
View ArticleSplunk for PaloAlto Networks configuration with a SearchHead (DataModel...
Hi,I have Splunk for PaloAltoNetworks App installed on a Splunk system with one Indexer and one Search Head. The indexer is where the PaloAlto App is configured to receive and index the events. The...
View ArticleOnly the Overview dashboard has data PAN-App v4.1.1 Splunk v6.1.1
I installed the Splunk for Palo Alto Networks app. I am getting data and my index and source types are correct. When I do searches, all the PA fields are getting extracted.However, I only the Overview...
View ArticleDashboard stopped working in Splunk for Palo Alto Networks
I was trying to grab the source code to build my own dashboard and now the URL dash is failing. Getting this error now Search query is not fully resolved. Any help would be appreciated. I was just...
View ArticleDoes app Splunk for Palo Alto Networks go on search head or indexer?
I'm getting ready to install the Splunk app for Palo Alto Networks 3.4 because we are running Splunk 5.0.5, but I have one question. Does the app go on the Search Head or the Indexer?
View ArticleSplunk for Palo Alto App - Peer Splunk Indexers
We've recently started to change our splunk topology from a single search head / indexer, to search head and remote peer indexers. The PAN splunk app will stay installed on the search head, however now...
View ArticleHow is "Top URL Category" on main Palo Alto app Dashboard populated? Mine...
Hi.Recently, the "Top URL Category" on my main Palo Alto app Dashboard shows "and" (yes, literally the word "and") as the Top URL Category. This was not always the case but not sure when it changed....
View ArticleWrong timestamp in Splunk for Palo Alto Network logs
Hi,I'm sending syslog from my PAN device to splunk and it's indexed with a date stating 2010 instead of 2014.Both index server and PAN device are using Europe/Stockholm and if I tcpdump traffic it's...
View ArticleCan Splunk for Palo Alto Networks app index data on my network without WildFire?
Sorry I'm Splunk newbie. I have Palo Alto Logs into Splunk (realtime).I'm installed Splunk for Palo Alto Networks and Config without WildFire Config. Can I use this app without WildFire. ( I mean...
View ArticleWhy is Splunk for Palo Alto Networks app not displaying traffic dashboard?
Every dashboard working but Traffic dashboard.."Search is waiting for input..." Splunk 6.1 and PA app 4.1.1
View ArticleWhy Splunk App for Palo Alto Networks produces less search results than...
The Splunk App for Palo Alto does not seem to be doing distributed searching. I have an indexer/search head in 3 different regions and when I do a search using the search app on each search head for...
View ArticleSuggestions to set up Splunk for Palo Alto Networks with multiple indexers?
All,I had a request from my user community to add Palo Alto syslogs to Splunk. I found an app, "Splunk for Palo Alto Networks", (release 3.3.2), and loaded it. On our test environment, consisting of 1...
View ArticleInstalling Splunk for Palo Alto Networks
Need some assistance in installing Splunk for Palo Alto.
View ArticleWhy can I not save an exported pdf from the Splunk for Palo Alto Networks App?
When I am in the Palo Alto Networks app and use the "Export PDF" button, a new browser tab opens to display the PDF. However, I cannot save the PDF. The "Save" button seems to be non-functional. Is...
View ArticleDoes Palo Alto Networks app lookup vendor_info_for_pan_config need to be set...
I have been using the Splunk for Palo Alto Networks app for quite some time now. I am running the most current version 4.1.1 on Splunk Enterprise 6.1.3. The other day, I discovered a conflict with...
View Articleinputs.conf for PAN app when collecting from syslog server
We already have the pan devices logging to our syslog-ng server. I have deployed the the following inputs.conf to the forwarder:# syslog forwarder inputs [monitor:///var/log/syslog/PaloAlto/]...
View ArticleEmpty Dashboards: How to configure inputs.conf for Splunk for Palo Alto...
We already have the pan devices logging to our syslog-ng server. I have deployed the the following inputs.conf to the forwarder:# syslog forwarder inputs [monitor:///var/log/syslog/PaloAlto/]...
View ArticleHow to blacklist an IP from being indexed for Splunk for Palo Alto Networks?
Hello,We have some PA devices in our network sending data to our master indexer over UDP:515. This data is being indexed fine, but one of our networks that's monitored is a guest network, and is...
View ArticleWhy are Splunk for Palo Alto Networks Traffic and Wildfire dashboards...
Palo App for Splunk all of a sudden not displaying traffic dashboard or Wildfire. All other content working.
View Article