Hello,
We have the latest version of the Palo Alto app on Splunk 6.0.2.
The events are being sent correctly into Splunk. I can search for the various fields with the macros (pan_threat, pan_traffic, pan_url, etc.) and get data.
The Overview dashboard looks to be working, but the "Top Applications" panel is showing an error of "In handler 'savedsearch': Error while dispatching search". This is the same problem as someone else posted about.
All of the other dashboards (Traffic, Threat, Content, WildFire, Console) return "No results found." for every panel.
Any pointers?
Thanks, Rob
I found the issue.
I wasn't waiting long enough for the data to populate. It still doesn't show any data with the default 60-minute time interval. If I set it to the last day or so, it will start showing data in the dashboard panels.
Looks like you have to wait a few hours before the dashboards will start working.
The dashboards should populate after 5 mins. Strange that it took longer, but glad it's working now.
