I am running Splunk 6.0.2 and the 4.1 PAN Splunk App. All is working fine except the two mentioned dashboard remain empty. How can I troubleshoot ?
Thanks
Roland
Hi gafrol,
For the content and web activity report dashboards to populate, you need to send URL syslogs to Splunk. For the WildFire dashboard you need to send WildFire syslogs to Splunk.
URL syslogs require the URL Filtering license on the firewall, and WildFire logs require a WildFire license on the firewall.
If you are sending the logs and they still aren't populating, try using the macro pan_url
to verify the logs are getting received and parsed correctly.
Thanks for your reply. I am sending URL logs to Splunk. URL Filtering Dashboard is working. Wildfire Dashboard is working. Macro pan_url is also working. Still no data in Content and Data Filtering Dashboard.
I have the same issue.
We are not seeing information in the ‘data filtering’ dashboard. URL filtering works fine.
We have no ‘data filtering’ security profile setup but we are seeing data filtering data show up in the PAN firewall monitor dashboard for data filtering with files and executables. When I go to the PAN app there is no data within pan_data_filtering
.
I do, however see the data files and names etc in pan_file
so it seems like a portion of data filtering is working but maybe because we don't have a specific data filtering security profile setup on the firewall itself, maybe it's not getting flagged properly?
Not sure.