Here is what I am trying to accomplish. We have our wireless controllers forwarding syslog information to Splunk, and this works quite well. I now want Splunk to forward part of the syslog message (user name and IP address) to our Palo Alto Panorama virtual machine (10.0.2.10), which in turn will send it off to our Palo Alto firewall. When I run the following search in the Palo Alto app I get an error:
index=main sourcetype=syslog | rename "user account" AS addruser | rename "IP address" AS addrip | panupdate device="10.0.2.10" devicegroup="PA-grp"
The error I get is: External search command 'panupdate' returned error code -1.

Can someone add any insight?

Thanks in advance, GMF
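To show what the search pipeline above is meant to produce before `panupdate` hands it to Panorama, here is an added, self-contained Python example (not from the question and not the Palo Alto app's own code). It extracts the "user account" and "IP address" fields from constructed wireless-controller syslog lines, drops malformed addresses and duplicate pairs, and builds a User-ID `uid-message` update in the XML layout the PAN-OS User-ID API accepts. The syslog format, the field names, the `timeout` value and the helper names are assumptions for illustration; check the message format against your PAN-OS version.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample syslog lines in the style of a wireless-controller
# association event. The field names mirror the question's "user account"
# and "IP address"; real controller formats differ and need their own regex.
SAMPLE_SYSLOG = [
    '<134>Jan 10 12:00:01 wlc01 wcs: Client associated user account=jdoe IP address=10.0.5.21',
    '<134>Jan 10 12:00:05 wlc01 wcs: Client associated user account=asmith IP address=10.0.5.22',
    '<134>Jan 10 12:00:09 wlc01 wcs: Client roam user account=jdoe IP address=10.0.5.21',
    '<134>Jan 10 12:00:11 wlc01 wcs: Client associated user account=bad IP address=10.0.5.999',
    '<134>Jan 10 12:00:12 wlc01 wcs: Heartbeat',
]

# Regex for the two fields of interest (assumed layout: key=value pairs).
FIELD_RE = re.compile(r'user account=(?P<user>\S+)\s+IP address=(?P<ip>\S+)')


def extract_mappings(lines):
    """Return an ordered, de-duplicated list of (user, ip) pairs.

    Lines without both fields are skipped; so are entries whose address is
    not a valid IPv4/IPv6 literal, since a bad mapping would be rejected (or
    worse, mis-applied) on the firewall side.
    """
    seen = {}
    for line in lines:
        m = FIELD_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group('ip')))
        except ValueError:
            continue
        seen.setdefault((m.group('user'), ip), None)
    return list(seen)


def build_uid_message(mappings, timeout_minutes=60):
    """Build a PAN-OS User-ID XML 'update' message with one login entry per pair.

    Assumed structure: uid-message/version/type/payload/login/entry, where
    each entry carries name, ip and a timeout in minutes. 'update' replaces
    existing mappings for the same IP, which is what a roaming client needs.
    """
    root = ET.Element('uid-message')
    ET.SubElement(root, 'version').text = '1.0'
    ET.SubElement(root, 'type').text = 'update'
    payload = ET.SubElement(root, 'payload')
    login = ET.SubElement(payload, 'login')
    for user, ip in mappings:
        ET.SubElement(login, 'entry', name=user, ip=ip, timeout=str(timeout_minutes))
    return ET.tostring(root, encoding='unicode')


def parse_login_entries(xml_text):
    """Read back the (name, ip) pairs from a uid-message; used to check output."""
    root = ET.fromstring(xml_text)
    return [(e.get('name'), e.get('ip')) for e in root.findall('./payload/login/entry')]


if __name__ == '__main__':
    pairs = extract_mappings(SAMPLE_SYSLOG)
    print(build_uid_message(pairs))
```

The two valid pairs survive and the repeated `jdoe` line and the out-of-range address are discarded; the resulting XML is what a User-ID API client (the Splunk app's `panupdate`, or a script posting to the device's `/api/` endpoint with `type=user-id`) would submit. Building the payload separately like this also lets you log exactly which mappings were sent, which helps when the app only reports an opaque error code.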