monitoring PAN dynamic updates
I would really love to see the current version of Antivirus, Threat DB, URL filtering, etc. that are installed or need updates via sourcetype pan_system messages. If the version is old, failed to...
Unable to see threat details, can still see traffic logs.
We are currently only able to see several threats (not all of them for a given timeframe) on the threat details page, and clicking on a threat from the pie chart which should open the threat details...
Installing Splunk for Palo Alto on a cluster
I have a V6 cluster with a Master Node, 5 Indexers, and a Search Head Pool with 3 Search Heads and 2 forwarders that receive all the data. The PAN logs come in on UDP 11112. The simple installation...
Missing Detailed information
Using version 3.4 on Splunk 5.140868. I have our PA data correctly being indexed to Pan_Logs, data seems to correctly be categorized into the correct sourcetypes and the dashboards are working as...
PaloAlto events in Search
I am having two issues when searching PaloAlto events. When I first added PaloAlto events, all the fields had descriptors: src_ip=50.0.0.1 dst_ip=10.0.0.1 app=facebook_social_plugin. Now it just clumps...
Missing Lookup Tables
We recently upgraded the PAN app in our Splunk instances. It's now complaining that it can't find a couple different lookup tables: flowintegrator and port_lookup. Every time you run a search on the...
Palo Alto for Splunk App - tsidx files
Is it possible for Splunk to stop creating tsidx files? My Splunk instance was happily indexing and creating tsidx files, until something happened. I believe it to no longer be creating tsidx files, as...
How do I keep the palo alto lookup files up to date?
Hi, how are the Palo Alto lookup files kept up to date? For example, app_lookup (app_list.csv)...the latest version doesn't seem to have some entries for certain apps. Thanks! Jeff
Splunk for Palo Alto Networks Threat
I have a fresh install of the App and I am receiving most of the data. However, when I go to the Threat section and try to load the dashboards it gives me the "No results found. Inspect..." message....
Palo Alto App - Traffic Dashboard
I have a question about a query within the Palo Alto App. As shipped the app displays total traffic grouped by egress and ingress interfaces. I just want to see the total egress traffic and the total...
Palo Alto App Traffic Dashboard Error
If I try to query by IP in the traffic dashboard, I get the following error: Error in 'TsidxStats': WHERE clause is not an exact query. Please let me know how I can resolve this error. I'm running Splunk...
Add Credential error
I get the following error when adding new credentials for PAN devices: Encountered the following error while trying to update: In handler 'localapps': Error while posting to...
No Data with Version 3.0 of Palo App and Version 5.0.2 of Splunk
Hi, I installed the Palo Alto app on a fresh Splunk, followed the instructions in the readme and saw Events coming from the PA firewall. But PAN Overview didn't show any counter or the Google...
Cannot get sourcetypes to change
I am sending paloalto logs to a syslog server which then sets the index to "pan_logs" and the sourcetype to "pan_log" and forwards them onto our indexer/search head. I am able to see the logs on the...
Splunk for Palo Alto Networks causing disk io congestion on search head
We have a Splunk setup that has two indexers and a search head running Splunk 5.0.4 and SplunkforPaloAltoNetworks 3.3.1 (upgrades to both are planned "soon"). There is another machine configured as a...
Top applications error message
Hello, I get this error message on the "top applications" panel: In handler 'savedsearch': Error while dispatching search. Is this a bug or a configuration error message? Jo Christian
In Splunk for Palo Alto Networks searching by Source User gives No Results Found
I have had Splunk for Palo Alto Networks (4.0.1) installed for about a week now and for the most part it is working well. There are a few things that are not. When I attempt to search for anything by...
Size of files in tsidxstats?
It looks like Splunk for Palo Alto Networks is using tscollect commands to create dashboards, and the files associated with these commands are stored in /opt/splunk/var/lib/splunk/tsidxstats. They seem...
Index Config for Palo Alto App
The documentation indicates that the default index is pan_logs; however, the default config files have pan_index as the default index. Please clarify which is correct. To get the firewall data into...