I recall we had this issue last time during the POC for PAN, but I don’t recall what the fix was.
I also disabled Splunk Enterprise Security to see if there was some sort of resource conflict but there appeared not to be.
When I checked the Palo Alto Networks Logs Data Models and then checked the Pivots and tried to build a table, I received the following errors:
[lab-splunk] The search for datamodel 'pan_logs' failed to parse, cannot get indexes to search
[splunk-index-ap] The search for datamodel 'pan_logs' failed to parse, cannot get indexes to search
[splunk-index-eu] The search for datamodel 'pan_logs' failed to parse, cannot get indexes to search
[splunk-index-sj] The search for datamodel 'pan_logs' failed to parse, cannot get indexes to search
If I ran a Pivot in “Network Traffic” I received no errors.

I also followed the below solution with no change in status.
http://answers.splunk.com/answers/138840/only-the-overview-dashboard-has-data-pan-app-v4-1-1-splunk-...
with no change in status

Palo Alto Networks Logs
This datamodel represents all the syslogs produced by Palo Alto Networks devices. The datamodel is structured such that all logs are part of the first root event object so the entire datamodel is accelerated.
MODEL
Objects
17 Events Edit
Permissions
Shared in App. Owned by nobody. Edit
ACCELERATION
Rebuild Update Edit
Status
Building
Access Count
0. Last Access: 1969-12-31T16:00:00-08:00
Size on Disk
0.00MB
Summary Range
31536000
Buckets
0

Waited a couple hours, restarted Splunk search head. Tried switching between PAN_index and PAN_logs per the instructions with no change in status.

PAN Logs are otherwise searchable and are showing up correctly it appears. Clocks between PAN FW's and Splunk app are within minutes of one another.

Configured PAN App using these instructions:
https://live.paloaltonetworks.com/docs/DOC-6593