Solved: Palo Alto Networks Add-on for Splunk: Why is the p...

tclark_splunk · ‎12-13-2016

In the Palo Alto Networks Add-on for Splunk (Splunk_TA_paloalto) version 3.7.1, the pan_endpoint stanza is missing tags in the event types.conf file, and the pan_endpoint stanza is missing altogether in the tags.conf file. Why?

tclark_splunk · ‎12-13-2016

This isn't an answer to the question, but is how I dealt with the issue: I added the [pan_endpoint] stanza to the bottom of the tags.conf file in the local directory; I added 3 tags (malware, attack and operations) and I then disabled them. I did this as I had no data to drive the associated pan_endpoint search.

View solution in original post

tclark_splunk · ‎12-13-2016

This isn't an answer to the question, but is how I dealt with the issue: I added the [pan_endpoint] stanza to the bottom of the tags.conf file in the local directory; I added 3 tags (malware, attack and operations) and I then disabled them. I did this as I had no data to drive the associated pan_endpoint search.

Palo Alto Networks Add-on for Splunk: Why is the pan_endpoint stanza missing in tags.conf?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Palo Alto Networks Add-on for Splunk: Why is the pan_endpoint stanza missing in tags.conf?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!