Once PaloAlto firewall was upgraded to Version 9.1.6 , Our PaloAlto App Version 6.2.0 stopped showing the Global Protect logs . I Upgraded the Palo Alto Networks Add-on for Splunk and Palo Alto Networks App for Splunk to 6.5.0 . I installed the App+Add-on on Search Heads whereas I installed the Add-on on Indexers and Heavy Forwarders . All the dashboards under Operations are Working but The dashboard for GlobalProtect (PANOS >= 9.1) is not working at all .
The App documentation does not mention on what changes were done for Global protect logs and what to do if you are unable to see it .
Please note that data model pan_firewall is fully build and has data . All other data models are disable as we do not have those products .
Any Ideas .
Update
======
Earlier I had upgraded from 6.2.0 to 6.5.1 and then rolled back to 6.5.0 . I guess that caused some Problem . So I uninstalled the App and Add on from the Server . Installed them again from Scratch and Populated the data model from scratch . Now it is is showing perfectly .
Update
======
Earlier I had upgraded from 6.2.0 to 6.5.1 and then rolled back to 6.5.0 . I guess that caused some Problem . So I uninstalled the App and Add on from the Server . Installed them again from Scratch and Populated the data model from scratch . Now it is is showing perfectly .
That add-on is supported by the developer. Contact them at splunkapp@paloaltonetworks.com
This is a good suggestion and I was thinking about it . But I thought to try it here first .