https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/547431#M65346 <P>In case anyone else lands here, it appears Cortex Data Lake now supports forwarding directly to Splunk&nbsp; via HTTP Event Collector (HEC).<BR /><BR /><A href="https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-to-an-https-server" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-to-an-https-server</A></P> Sun, 11 Apr 2021 02:16:05 GMT swebb07g 2021-04-11T02:16:05Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/493384#M60725 <P>We are ingesting the firewall data from the panorama and GP cloud service logs from Cortex and ingesting the data to the same index pan_logs with sourcetype=pan:log.</P> <P>The logs from panorama are getting parsed properly, however, the data from the cortex data lake for global protect cloud service is not getting parsed. Does the Palo Alto Networks for Splunk add-on support data coming from Cortex? Any suggestions to make this work?</P> Thu, 20 Aug 2020 22:31:14 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/493384#M60725 shirishkamat84 2020-08-20T22:31:14Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/515318#M63095 <P>I am trying to get data from cortex data lake to our Splunk hosted on prem. We getting the logs but it’s garbage characters.</P><P>splunk is not able to open ssl input. Can you share splunk side config to make this work?</P><P>what were the parameters on inputs.conf and what third party CA you user and created pem files?</P><P>&nbsp;</P><P>any help would be appreciated&nbsp;</P> Thu, 20 Aug 2020 21:50:25 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/515318#M63095 hiren53 2020-08-20T21:50:25Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/534743#M64542 <P>I'm also curious about this.</P> Mon, 04 Jan 2021 23:57:19 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/534743#M64542 swebb07g 2021-01-04T23:57:19Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/535412#M64601 <P>I don't think Cortex Data Lake supports SSL (assuming you mean https). It does support syslog over TLS though.</P> Tue, 12 Jan 2021 01:45:51 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/535412#M64601 swebb07g 2021-01-12T01:45:51Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/547431#M65346 <P>In case anyone else lands here, it appears Cortex Data Lake now supports forwarding directly to Splunk&nbsp; via HTTP Event Collector (HEC).<BR /><BR /><A href="https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-to-an-https-server" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-log-forwarding-app/forward-logs-to-an-https-server</A></P> Sun, 11 Apr 2021 02:16:05 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-and-Palo-Alto-Cortex-Data-Lake-Data-for-global-protect/m-p/547431#M65346 swebb07g 2021-04-11T02:16:05Z