All Apps and Add-ons
Highlighted

Splunk for Palo Alto Networks: Why am I receiving some Wildfire reports, but not everything?

Path Finder

I'm receiving some wildfire reports in the PAN application, but not everything. I'm seeing the following in my python.log:

2015-02-17 06:56:03,100 -0800 WARNING   retrieveWildFireReport:117 - Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 107, in wfReportXml = retrieveWildFireData(PAN_WF_APIKEY, result['serial_number'], result['report_id']).read().strip()
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 84, in retrieveWildFireData result = opener.open(wfReq, post_data)
File "/opt/splunk/lib/python2.7/urllib2.py", line 410, in open response = meth(req, response)
File "/opt/splunk/lib/python2.7/urllib2.py", line 523, in http_response 'http', request, response, code, msg, hdrs)
File "/opt/splunk/lib/python2.7/urllib2.py", line 448, in error return self._call_chain(*args)
File "/opt/splunk/lib/python2.7/urllib2.py", line 382, in _call_chain result = func(*args)
File "/opt/splunk/lib/python2.7/urllib2.py", line 531, in http_error_default raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
HTTPError: HTTP Error 420: Insufficient Arguments

It almost looks like I might need to configure my device serial numbers, but I don't see that in any configuration guide I can find.

0 Karma
Highlighted

Re: Splunk for Palo Alto Networks: Why am I receiving some Wildfire reports, but not everything?

Splunk Employee
Splunk Employee

This is a partner supported app, meaning Palo Alto Networks support this app. Please contact them at btorres-gil@paloaltonetworks.com, and they can provide a bit more guidance, but I think you are on the right track.

0 Karma