I have some of the dashboards showing information and some do not. Currently I'm working on getting the global protect dashboard to show information.
While I do see global protect listed in some of the log files while looking at Pan:system; I do not see "log_subtype="globalprotect"".
I do see the following log subtypes:
vpn
general
auth
userid
url-filtering
I unfortunately have no idea how to tell the system how to parse the data for globalprotect.
Ian
Are you Splunking your Global Protect data? If not, then it will never appear on a dashboard until you do.
It's possible your data is formatted differently from what is expected by the dashboard. That can happen has products change over time. Perhaps log_subtype=vpn is what you need. Clone the dashboard and modify it to fit your data.
Unfortunately, the vpn log type is for our point-to-point tunnels and not GlobalProtect 😞
I do see global protect data if I look at the data directly, I just don't see it populating the dashboard .
Ian
If you can see the data using manual searches then you are halfway there. Clone the GP dashboard and modify it to use your manual searches.