The documentation indicates that the default index is pan_logs; however, the default config files have pan_index as the default index. Please clarify which is correct.
To get the firewall data into Splunk
IMPORTANT: When you configure the input port, you must set the sourcetype of the firewall data to pan_log and the index to pan_logs. This can be done from the Web UI or the CLI. Then, configure the firewall to send traffic to Splunk.