All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Palo Alto Networks App for Splunk: Why is there no data in dashboards?

mwesche
Explorer
‎08-10-2017 11:54 AM

We're using the latest Palo Alto Networks App for Splunk version and are able to see syslog data in the System and Config dashboards but there is no data at all in the traffic, threat, or URL dashboards

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mwesche
Explorer
‎08-11-2017 01:17 PM

So i figured out why i was not getting the traffic data. In panorama, i was making the changes to the collector group, syslog, etc and committed but i chose "Panorama" to commit to. It finally occurred to me that i needed to select the "Collector Group" radio button in the commit window for any change that i need to make to the panorama sylog collectors that i defined.

For those of you who use Panorama, you know what i'm talking about.

As soon as i committed to that, the logs started flooding in.

View solution in original post

Reply
Solved! Jump to solution
Solution

mwesche
Explorer
‎08-11-2017 01:17 PM

So i figured out why i was not getting the traffic data. In panorama, i was making the changes to the collector group, syslog, etc and committed but i chose "Panorama" to commit to. It finally occurred to me that i needed to select the "Collector Group" radio button in the commit window for any change that i need to make to the panorama sylog collectors that i defined.

For those of you who use Panorama, you know what i'm talking about.

As soon as i committed to that, the logs started flooding in.

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-11-2017 01:19 PM

If your problem is resolved please accept your answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

mwesche
Explorer
‎08-10-2017 01:58 PM

I've seen that post too. I am using Panorama to aggregate all the firewall logs and then forward from panorama to splunk. I do have panorama collector group configured to send system, config, traffic, and threat (at "Local_User level. That has been quadruply checked. I don't know how to validate that the logs are leaving panorama but i did access its cli and ran a debug command to see the log forwarding stats that the en queued and sent stats are incrementing togehter and with the same stat count so i know that panorama is sending logs and by the stat count they all cant be just config or system stats. we're not generating that many of those logs.

0 Karma
Reply
Solved! Jump to solution

lfedak_splunk
Splunk Employee
Splunk Employee
‎08-10-2017 01:23 PM

Hey @mwesche! I found this similar post and the answer might solve your problem! https://answers.splunk.com/answers/146201/why-is-splunk-for-palo-alto-networks-app-not-displaying-tr...

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top