Solved: Re: Palo Alto Dashboards: Only parsing last 7 days

matthewfry · ‎09-11-2017

When I attempt to view any data via the Palo Alto addon, it only pulls data from the last 7 days. If i set the date range back further than 7 days, I get no data. However, I have confirmed that this data does exist in the Splunk database.

I cannot find anywhere to configure how far back the addon will look at data.

Any ideas?

panguy · ‎09-11-2017

The Data model Summary range is default to 7 days. The dashboards in our app will only show the last 7 days of events. This can be changed by adjusting the Summary Range in Settings > Data models > Edit Acceleration. Look for the Palo Alto Network Data models and adjust the Summary Range.

View solution in original post

panguy · ‎09-11-2017

The Data model Summary range is default to 7 days. The dashboards in our app will only show the last 7 days of events. This can be changed by adjusting the Summary Range in Settings > Data models > Edit Acceleration. Look for the Palo Alto Network Data models and adjust the Summary Range.

matthewfry · ‎09-11-2017

Thank you much! This is exactly what I was looking for!

Palo Alto Dashboards: Only parsing last 7 days

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023