We've installed the Splunk for Palo Alto Networks App and the documentation says we can forward either Firewall or Panorama logs to it.
We chose to do Panorama.
The data is coming in and being indexed, but not showing up in any of the views. The search results have no Palo Alto-specific "Interesting Fields".
Looking at the actual syslog messages from Panorama, it seems they have a different format from the ones defined for SYSTEM, THREAT, etc. in transforms.conf.
My question/observation is: Panorama seems to be sending a message format that the App cannot understand, so is Panorama really supported in this app?