I've seen that post too. I am using Panorama to aggregate all the firewall logs and then forward from Panorama to Splunk. I do have the Panorama collector group configured to send system, config, traffic, and threat (at "Local_User" level). That has been quadruply checked. I don't know how to validate that the logs are leaving Panorama, but I did access its CLI and ran a debug command to see the log forwarding stats, and the enqueued and sent stats are incrementing together and with the same stat count, so I know that Panorama is sending logs, and by the stat count they can't all be just config or system stats. We're not generating that many of those logs.
So I figured out why I was not getting the traffic data. In Panorama, I was making the changes to the collector group, syslog, etc. and committed, but I chose "Panorama" to commit to. It finally occurred to me that I needed to select the "Collector Group" radio button in the commit window for any change that I need to make to the Panorama syslog collectors that I defined.
For those of you who use Panorama, you know what I'm talking about.
As soon as I committed to that, the logs started flooding in.
If your problem is resolved, please accept your answer to help future readers.