I'm using Splunk v 6.0 and Splunk For Palo Alto v 4.1.
When I go to the Threat Dashboard and click on a bar in the Threats By Risk Value graph, the following search returns an empty result set, even though I just selected a non-empty time slot in the graph:
`pan_threat` severity="critical" earliest=1398209400.000 [| stats count | eval latest = 1398209400.000 + 300 | fields latest]
If I click on the arrow below the query box, it informs me:
In SearchParser: Could not find macro 'pan_threat' that takes 0 arguments. Expecting stanza name 'pan_threat'.
I think something is not being indexed, but I'm not sure. Any help would be appreciated.