All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Palo Alto Networks App for Splunk: Why is there no data in dashboards?

mwesche
Explorer
‎08-10-2017 11:54 AM

We're using the latest Palo Alto Networks App for Splunk version and are able to see syslog data in the System and Config dashboards but there is no data at all in the traffic, threat, or URL dashboards

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mwesche
Explorer
‎08-11-2017 01:17 PM

So i figured out why i was not getting the traffic data. In panorama, i was making the changes to the collector group, syslog, etc and committed but i chose "Panorama" to commit to. It finally occurred to me that i needed to select the "Collector Group" radio button in the commit window for any change that i need to make to the panorama sylog collectors that i defined.

For those of you who use Panorama, you know what i'm talking about.

As soon as i committed to that, the logs started flooding in.

View solution in original post

Reply
Solved! Jump to solution
Solution

mwesche
Explorer
‎08-11-2017 01:17 PM

So i figured out why i was not getting the traffic data. In panorama, i was making the changes to the collector group, syslog, etc and committed but i chose "Panorama" to commit to. It finally occurred to me that i needed to select the "Collector Group" radio button in the commit window for any change that i need to make to the panorama sylog collectors that i defined.

For those of you who use Panorama, you know what i'm talking about.

As soon as i committed to that, the logs started flooding in.

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-11-2017 01:19 PM

If your problem is resolved please accept your answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

mwesche
Explorer
‎08-10-2017 01:58 PM

I've seen that post too. I am using Panorama to aggregate all the firewall logs and then forward from panorama to splunk. I do have panorama collector group configured to send system, config, traffic, and threat (at "Local_User level. That has been quadruply checked. I don't know how to validate that the logs are leaving panorama but i did access its cli and ran a debug command to see the log forwarding stats that the en queued and sent stats are incrementing togehter and with the same stat count so i know that panorama is sending logs and by the stat count they all cant be just config or system stats. we're not generating that many of those logs.

0 Karma
Reply
Solved! Jump to solution

lfedak_splunk
Splunk Employee
Splunk Employee
‎08-10-2017 01:23 PM

Hey @mwesche! I found this similar post and the answer might solve your problem! https://answers.splunk.com/answers/146201/why-is-splunk-for-palo-alto-networks-app-not-displaying-tr...

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...