All Apps and Add-ons

Palo Alto "Could not find macro" Error


I'm using Splunk v 6.0 and Splunk For Palo Alto v 4.1.

When I go to the Threat Dashboard and click on a bar in the Threats By Risk Value graph, the following search returns an empty result set, even though I just selected a non-empty time slot in the graph:

pan_threat severity="critical" earliest=1398209400.000 [| stats count | eval latest = 1398209400.000 + 300 | fields latest]

If I click on the arrow below the query box, it informs me:

In SearchParser: Could not find macro 'pan_threat' that takes 0 arguments. Expecting stanza name 'pan_threat'.

I think something is not being indexed, but I'm not sure. Any help would be appreciated.

0 Karma

Splunk Employee
Splunk Employee

Check where this macro is : 'pan_threat'
manager > advanced search > macros > all apps, all users, do not restrict to current app.

Look at :
- the app where it is
- the owner
- the permissions
- the scope (private, app or global)

And try with larger permissions.


Thanks for your response.

The owner for the app is "no owner".
I am using the console as an admin.

I set the permissions to read/write for all users/all apps, but that did not change anything.

0 Karma
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...