Splunk for Palo Alto Networks and Panorama
We've installed the Splunk for Palo Alto Networks App and the documentation says we can forward either Firewall or Panorama logs to it. We chose to do Panorama.The data is coming in and being indexed,...
View ArticleTop Applications error
the app is giving me the following error.In handler 'savedsearch': Error while dispatching searchAny ideas?
View ArticleUpdating the included csv files in 'lookups'
Does anyone know how to retrive an updated version of the csv files that define apps, threats, and services listed under 'lookups'? I would like to keep everything up to date if possible.
View ArticleNo results found on all dashboards except for Overview.
Hello,We have the latest version of the Palo Alto app on Splunk 6.0.2.The events are being sent correctly into Splunk. I can search for the various fields with the macros (pan_threat,...
View ArticleUsing a different index
I have a multi-tenant type environment where some of the tenants use Palo Alto Firewalls, and others use Cisco. For access control purposes each entity has it's own index on Splunk. How can I configure...
View ArticlePalo Alto App no_appending_timestamp problem
In my inputs.conf file, if I have "no_appending_timestamp = true" as shown in the documentation, no graphs are created. The data is parsed fine, just no graphs. When I go to say, the System Dashboard...
View Articletsidxstats for pan_traffic very large
On the search head: du -sh /opt/splunk/var/lib/splunk/tsidxstats/pan_traffic/ 183G /opt/splunk/var/lib/splunk/tsidxstats/pan_traffic/Any ideas on how to keep this in check?
View ArticleThreat (Searches and Report)
hi,I installed Splunk for Palo Alto Networks app and i can see all the threat, content, wildfire and traffic logs fine. All the dashboard work fine as well. My question is when i click on the drop down...
View ArticleContent Dashboard and Data Filtering Dashboard not working
I am running Splunk 6.0.2 and the 4.1 PAN Splunk App. All is working fine except the two mentioned dashboard remain empty. How can I troubleshoot ?Thanks Roland
View ArticleMultitenancy
We are feeding logs from many PAN Firewalls into the PAN Splunk App. Now is there a feature to assign a Admin Role only to a certain set of Firewalls by Serial Number or Host IP ? So this role can only...
View ArticleSchedule PDF Delivery Not getting enabled for Palo-Alto App
Hi All,I have installed the Splunk For Palo-Alto Networks App in Splunk 5.XThe events are coming in and the dahsboards are populated fine.When i click on Actions --> I see the scheduled PDF Delivery...
View ArticleContent dashboard not showing results, URL Filter dash working fine
Hi there,I can't seem to get the Content dashboard to display any data, the URL Filter dashboard is working fine, i'm exporting everything i can in the log forwarding.Any ideas?thankswarren
View ArticleSearches and Reports
Using the Palo Alto Networks app within Splunk and looking at pre-canned reports ('Top Sites', 'Top Users', etc..) the statistics tab shows data, however the Event tab always shows No Results found...
View ArticleData Latency with Palo Alto Network Logs
I have noticed that my data is indexing correctly but seems to be getting indexed more slowly than before. I have not upgraded and have used SoS to check the indexing performance.It looks like the...
View ArticleCannot Retrieve Data from Palot Alto’s WildFire
Hi, I just noticed that the Splunk no longer able to retrieve log form Wildfire since the end of March. Is there any method to troubleshoot the problem? Any ideas?Many Thanks! Kevin
View ArticlePalo Alto "Could not find macro" Error
I'm using Splunk v 6.0 and Splunk For Palo Alto v 4.1.When I go to the Threat Dashboard and click on a bar in the Threats By Risk Value graph, the following search returns an empty result set, even...
View Articlemonitoring PAN dynamic updates
I would really love to see the current version of Antivirus, Threat DB, url filtering, etc that are installed or need updates via sourcetype pan_system messages. If the version is old, failed to...
View ArticleSplunk for Palo Alto data collection
Hello,I forwarded my palo alto logs to my splunk server. I can see all logs on the splunk server, but no in the palo alto APP. How much time the Splunk Palo Alto APP will display the results ? Because...
View ArticleHow to manage DataModel acceleration storage (tstatsHomePath) ?
Is there a way to manage the storage limits on the tstatsHomePath for an index that is using Data Model acceleration ?I've installed the latest version of the Splunk for PaloAlto Networks that uses...
View ArticleSplunk for PaloAlto Networks configuration with a SearchHead (DataModel...
Hi,I have Splunk for PaloAltoNetworks App installed on a Splunk system with one Indexer and one Search Head. The indexer is where the PaloAlto App is configured to receive and index the events. The...
View Article