
Palo Alto Networks App for Splunk: Why is there no data in dashboards?

mwesche
Explorer

We're using the latest Palo Alto Networks App for Splunk version and are able to see syslog data in the System and Config dashboards, but there is no data at all in the Traffic, Threat, or URL dashboards.

0 Karma
1 Solution

mwesche
Explorer

So I figured out why I was not getting the traffic data. In Panorama, I was making the changes to the collector group, syslog, etc. and committed, but I chose "Panorama" to commit to. It finally occurred to me that I needed to select the "Collector Group" radio button in the commit window for any change that I need to make to the Panorama syslog collectors that I defined.

For those of you who use Panorama, you know what I'm talking about.

As soon as I committed to that, the logs started flooding in.

richgalloway
SplunkTrust

If your problem is resolved please accept your answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

mwesche
Explorer

I've seen that post too. I am using Panorama to aggregate all the firewall logs and then forward from Panorama to Splunk. I do have the Panorama collector group configured to send system, config, traffic, and threat (at "Local_User" level). That has been quadruply checked. I don't know how to validate that the logs are leaving Panorama, but I did access its CLI and ran a debug command to see the log forwarding stats; the enqueued and sent stats are incrementing together and with the same stat count, so I know that Panorama is sending logs, and by the stat count they can't all be just config or system stats. We're not generating that many of those logs.

0 Karma

lfedak_splunk
Splunk Employee

Hey @mwesche! I found this similar post and the answer might solve your problem! https://answers.splunk.com/answers/146201/why-is-splunk-for-palo-alto-networks-app-not-displaying-tr...

0 Karma
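One way to check which log types actually reach the syslog receiver, for the symptom in this thread (System and Config present, Traffic, Threat and URL absent). This is an added example, not code from any post or from the app; it assumes the default PAN-OS syslog CSV layout, and the sample lines and the hostname `panorama-example` are constructed.

```python
import csv
from collections import Counter

# Which (type, subtype) pairs feed each dashboard named in the thread.
# Assumption: default PAN-OS syslog CSV layout (4th field = log type,
# 5th field = subtype; URL filtering logs are THREAT with subtype "url").
EXPECTED = {
    "system":  lambda t, s: t == "SYSTEM",
    "config":  lambda t, s: t == "CONFIG",
    "traffic": lambda t, s: t == "TRAFFIC",
    "threat":  lambda t, s: t == "THREAT" and s != "url",
    "url":     lambda t, s: t == "THREAT" and s == "url",
}

def tally(lines):
    """Count received lines by (type, subtype); malformed lines count as UNPARSED."""
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            row = next(csv.reader([line]))
        except csv.Error:
            row = []
        if len(row) < 5:
            counts[("UNPARSED", "")] += 1
            continue
        # The syslog header has no commas, so it stays inside row[0].
        counts[(row[3].strip().upper(), row[4].strip().lower())] += 1
    return counts

def missing_dashboards(counts):
    """Return the dashboards for which no matching log line was received."""
    return [name for name, match in EXPECTED.items()
            if not any(match(t, s) for (t, s) in counts)]

# Constructed sample mirroring the thread: only SYSTEM and CONFIG arrive.
SAMPLE = [
    "<14>Jan 10 09:00:01 panorama-example 1,2024/01/10 09:00:01,000000000001,SYSTEM,general,0,x",
    "<14>Jan 10 09:00:02 panorama-example 1,2024/01/10 09:00:02,000000000001,CONFIG,0,0,x",
    "line without the expected fields",
]

if __name__ == "__main__":
    counts = tally(SAMPLE)
    for key, n in sorted(counts.items()):
        print(key, n)
    print("no logs received for:", missing_dashboards(counts))
```

Run it over lines captured on the receiving host (a file or a raw-input dump); if traffic, threat and url are listed as missing, the gap is on the sending side rather than in the dashboards.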