Content Dashboard and Data Filtering Dashboard not...

gafrol · ‎04-08-2014

I am running Splunk 6.0.2 and the 4.1 PAN Splunk App. All is working fine except the two mentioned dashboard remain empty. How can I troubleshoot ?

Thanks
Roland

btorresgil · ‎04-08-2014

Hi gafrol,

For the content and web activity report dashboards to populate, you need to send URL syslogs to Splunk. For the WildFire dashboard you need to send WildFire syslogs to Splunk.

URL syslogs require the URL Filtering license on the firewall, and WildFire logs require a WildFire license on the firewall.

If you are sending the logs and they still aren't populating, try using the macro pan_url to verify the logs are getting received and parsed correctly.

gafrol · ‎04-08-2014

Thanks for your reply. I am sending URL logs to Splunk. URL Filtering Dashboard is working. Wildfire Dashboard is working. Macro pan_url is also working. Still no data in Content and Data Filtering Dashboard.

lbogle · ‎04-06-2015

I have the same issue.
We are not seeing information in the ‘data filtering’ dashboard. URL filtering works fine.
We have no ‘data filtering’ security profile setup but we are seeing data filtering data show up in the PAN firewall monitor dashboard for data filtering with files and executables. When I go to the PAN app there is no data within pan_data_filtering.
I do, however see the data files and names etc in pan_file so it seems like a portion of data filtering is working but maybe because we don't have a specific data filtering security profile setup on the firewall itself, maybe it's not getting flagged properly?
Not sure.

Content Dashboard and Data Filtering Dashboard not working

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms