Solved: Re: Palo Alto Networks Apps - Only Realtime Event ...

cody_richardson · ‎12-13-2018

Hello all,

I've configured the Palo Alto Networks App & Add-on, and am receiving traffic on my Splunk Indexers and am able to search the data using my Search Heads.

In the Palo Alto Networks App, I navigate to Operations > Realtime Event Feed, and this dashboard displays statistics about live traffic and appears to be working normally.

However, if I navigate to any other dashboard, it shows there is no data. This is true even if I expand the search parameter to all-time.

Any ideas on how to resolve this?

Thank you!

cody_richardson · ‎12-13-2018

The other dashboards have started displaying data after selecting "all time" under the Presets. In addition, not all Dashboards show data -- just some.

Thank you.

View solution in original post

cody_richardson · ‎12-13-2018

The other dashboards have started displaying data after selecting "all time" under the Presets. In addition, not all Dashboards show data -- just some.

Thank you.

cody_richardson · ‎12-13-2018

Hi muralikoppula,

All Palo Alto datamodels have been accelerated already.

Thanks.

muralikoppula · ‎12-13-2018

You need to accelerate Palo Alto datamodels..Check the below link

https://answers.splunk.com/answers/705888/palo-alto-networks-app-add-on-setup-1.html#answer-705942

Palo Alto Networks Apps - Only Realtime Event Feed Displays Data

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann