All Apps and Add-ons

Global Protect Logs are not showing

ssubhani
Explorer

Once PaloAlto firewall was upgraded to Version 9.1.6 , Our PaloAlto App Version 6.2.0 stopped showing the Global Protect logs . I Upgraded the Palo Alto Networks Add-on for Splunk and  Palo Alto Networks App for Splunk to 6.5.0 .  I installed the App+Add-on on Search Heads whereas I installed the Add-on on Indexers and Heavy Forwarders . All the dashboards under Operations are Working but The dashboard for GlobalProtect (PANOS >= 9.1)  is not working at all .

The App documentation does not mention on what changes were done for Global protect logs and what to do if you are unable to see it . 

Please note that data model pan_firewall is fully build and has data . All other data models are disable as we do not have those products .

Any Ideas .

Labels (1)
0 Karma
1 Solution

ssubhani
Explorer

Update 

======

Earlier I had upgraded from 6.2.0 to 6.5.1 and then rolled back to 6.5.0 . I guess that caused some Problem . So I uninstalled the App and Add on from the Server . Installed them again from Scratch and Populated the data model from scratch . Now it is is showing perfectly .

View solution in original post

ssubhani
Explorer

Update 

======

Earlier I had upgraded from 6.2.0 to 6.5.1 and then rolled back to 6.5.0 . I guess that caused some Problem . So I uninstalled the App and Add on from the Server . Installed them again from Scratch and Populated the data model from scratch . Now it is is showing perfectly .

richgalloway
SplunkTrust
SplunkTrust

That add-on is supported by the developer.  Contact them at splunkapp@paloaltonetworks.com

---
If this reply helps you, Karma would be appreciated.
0 Karma

ssubhani
Explorer

This is a good suggestion and I was thinking about it . But I thought to try it here first . 

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...