All Apps and Add-ons

Splunk for Palo Alto Networks: Why am I receiving some Wildfire reports, but not everything?

Path Finder

I'm receiving some wildfire reports in the PAN application, but not everything. I'm seeing the following in my python.log:

2015-02-17 06:56:03,100 -0800 WARNING   retrieveWildFireReport:117 - Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/", line 107, in wfReportXml = retrieveWildFireData(PAN_WF_APIKEY, result['serial_number'], result['report_id']).read().strip()
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/", line 84, in retrieveWildFireData result =, post_data)
File "/opt/splunk/lib/python2.7/", line 410, in open response = meth(req, response)
File "/opt/splunk/lib/python2.7/", line 523, in http_response 'http', request, response, code, msg, hdrs)
File "/opt/splunk/lib/python2.7/", line 448, in error return self._call_chain(*args)
File "/opt/splunk/lib/python2.7/", line 382, in _call_chain result = func(*args)
File "/opt/splunk/lib/python2.7/", line 531, in http_error_default raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
HTTPError: HTTP Error 420: Insufficient Arguments

It almost looks like I might need to configure my device serial numbers, but I don't see that in any configuration guide I can find.

0 Karma

Splunk Employee
Splunk Employee

This is a partner supported app, meaning Palo Alto Networks support this app. Please contact them at, and they can provide a bit more guidance, but I think you are on the right track.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!