The Palo Alto Network App for Splunk seems to be working for traffic, threat and content but the GlobalProtect dashboard and log data are both blank.
I have no idea how to troubleshoot this.
I see the VPN traffic on the PAN firewall itself. All the policies that affect VPN are set to forward to Splunk.
Hi,
The Global Protect Dashboard gets informations from the system logs from the firewall. You can confirm you are sending system logs by searching for: sourcetype=pan:system
If you don't see any logs then you will need to go into the firewall and send system logs to Splunk.
Regards,
Paul
Hi,
The Global Protect Dashboard gets informations from the system logs from the firewall. You can confirm you are sending system logs by searching for: sourcetype=pan:system
If you don't see any logs then you will need to go into the firewall and send system logs to Splunk.
Regards,
Paul
I changed the firewall to start sending system logs to Splunk
I now see GlobalProtect log data but the dashboard is still blank
From the Palo Alto Networks App go to Search and type in pan_globalprotect
Do logs show up?
looks like the dashboard took a little while to populate
everything is working now
thanks
Great! No problem glad I could help.