I have had Splunk for Palo Alto Networks (4.0.1) installed for about a week now and for the most part it is working well. There are a few things that are not. When I attempt to search for anything by Source User for any time frame I get back "No Results Found".
An example: On the Traffic Dashboard I can add my IP address and get results. If I clear the IP address and just add my username (either user or domainuser) I get no results. If I try both I get a whole new error: "Error in 'TsidxStats': WHERE clause is not an exact query".
Any help would greatly be appreciated.