According to the setup documentation, the input for Splunk for Palo Alto Networks should write to the pan_logs index, however, I would prefer that it write to the default index. My hope is that making this change is as easy as updating the `pan_index` macro to point to the default index rather than pan_logs, but are there any other considerations?
↧