Splunk for Palo Alto Networks - PAN Overview
I am using Splunk for Palo Alto Networks App version 3.0. When viewing the PAN overview I see: 0 PAN Reporting, 0 Events, 0 Block-URL, N/A Top Category. I checked the pan_* sources and we are receiving data...
Palo Alto Networks - threats and webfiltering
I followed the instructions for setting up the Palo Alto app, and things seem to be working OK with the exception of certain logs. I have nothing showing up for threats and/or web filtering. I know for...
Pointing a Palo Alto Firewall to the free local version of Splunk?
Just need help getting our company's Panorama logs into the free download of Splunk on my machine. Need to use it as a test case. Thanks, Travis Fitzgerald
size of tsidx files
Is there a way to define a maximum size for all tsidx files generated in the tsidxstats directory using the tscollect command? Could find any settings in indexes.conf or any other config file. According to the...
panupdate command
I am trying to use the panupdate command to feed user/ip mapping data from Splunk to PA. I have a search that is getting the addruser and addrip fields successfully. When I pipe my search to panupdate,...
I downloaded 2.3 but it unpacked to 2.2.1
Hi all! I downloaded PA App 2.3 but when I unpacked it, only 2.2.1? Link wrong? Pls help me!
Received event for unconfigured/disabled/deleted
I have configured the above settings as described, I see the below msg. Are there any more settings that need to be done to capture the events? received event for unconfigured/disabled/deleted...
Dashboard does not show anything
I can see sourcetype=pan_log but the dashboard isn't showing anything? I can't see any of the other sourcetypes. What am I missing?
Palo Alto for Splunk error.
Here is what I am trying to accomplish. We have our wireless controllers forwarding syslog information to Splunk, this works quite well. I now want Splunk to forward part of the syslog message (user...
How to Deploy Palo Alto Apps under Forwarder and Indexer environment
Hi, I follow the instruction to set up the data input config in inputs.conf of Forwarder server and install the Palo Alto Apps in Indexer server. I found the Indexer can receive the log successfully but...
No data showing on Splunk Palo Alto Networks App
Hi, I recently installed Splunk (5.0.3 trial version) with Palo Alto Apps version 3.2.1. When I connect to the PA-200 (ver 5.0) and set up PA box to send syslog to Splunk, I cannot see any data showing...
Threat (Searches and Report)
Hi, I installed Splunk for Palo Alto Networks app and I can see all the threat, content, wildfire and traffic logs fine. All the dashboards work fine as well. My question is when I click on the drop down...
Palo Alto data not showing up
Running Splunk on RHEL x64 with the latest version of the Palo Alto app. On the overview screen I can see 1 pan reporting and events showing up nothing in the block-url and N/A on the top category...
No Data in Palo Alto App
I can see data being collected from my Palo Alto Devices (4 of them), but when I switch over to the Palo Alto App there is no data. Tried adding this into 2 locations: connection_host = IP Address...
Splunk for Palo Alto HELP with Initial Configuration
We're trying to deploy the SPLUNK FOR PALO ALTO app in our environment (Windows). The app seems to have loaded correctly, as well as the required resources from the apps page. We set up the configs on...
How to completely remove remote data functionality in Splunk for Palo Alto...
Environment: Windows Splunk 5.0.4, Splunk for Palo Alto Networks 3.3.1. I am looking to install the Splunk for Palo Alto networks in an environment where Splunk has no access to the outside world. That...
How to have “Splunk for Palo Alto Networks” read from the default index?
According to the setup documentation, the input for Splunk for Palo Alto Networks should write to the pan_logs index, however, I would prefer that it write to the default index. My hope is that making...
Palo Alto for Splunk App and analyzing the System log auth-fail and auth-success
I want to be able to automate some of our security team's morning audit point and receive more real time results. We review each morning the System log auth-fail and auth-success events by querying...
Splunk for Palo Alto (PAN software version)
Is the Splunk for Palo Alto app working with the 5.0 software version?
Installing Palo Alto App
I am attempting to install the Palo Alto App on Splunk, but every time I extract the files into the App folder, Splunk will refuse to restart. Is there something I'm missing?