All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to globally apply the field extractions from the Palo Alto Networks App for Splunk?

sbattista09
Contributor
‎03-01-2016 10:58 AM

I would like to globally apply the field extractions for the Palo Alto Networks App for Splunk and lock it down to its index so we do not get false positive matches when looking at data in another index. The goal is to have a dashboard listing our products metrics, however, the Palo Alto fields do not show up in the search app - they only show up in the Palo Alto app.

0 Karma
Reply

btorresgil
Builder
‎03-03-2016 12:16 PM

As kchamplin describes, the exports describe what is visible to other apps. You can change the exports in the existing app. Or, the latest Palo Alto Networks App 5.0 and Add-on export the field extractions to other apps by default. So upgrading to the latest app and addon from splunkbase will fix it.

0 Karma
Reply

kchamplin_splun
Splunk Employee
Splunk Employee
‎03-01-2016 11:14 AM

The app shouldn't be exporting any field names, it would be the TA (Splunk_TA_paloalto), and be default I believe it is set to export everything, at least on the latest version - per its default.meta file.
[]
access = read : [ * ], write : [ admin, power ]
export = system

how are you constructing your searches? most of these fields are associated with the sourcetype pan:*.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...