The Firewall Palo Alto logs cannot be parsed using Splunk Add-on for Palo Alto Networks

nooproblems
New Member

Hi all,

I’m having an issue with parsing Palo Alto Firewall logs in Splunk. Here is the current situation:
- I configured the Palo Alto firewall logs to be sent to the Splunk HF via UDP port 514.

- I installed the Splunk Add-on for Palo Alto Networks on the deployment server and pushed the TA to the HF, indexers, and search head.
- However, the Palo Alto logs in Splunk are still not being parsed. I currently don’t have a clear direction for troubleshooting. I would appreciate any advice or experience the community can share.
0 Karma

PrewinThomas
Motivator

@nooproblems 

Since you already have add-ons everywhere, does your event include a syslog header? Could you provide a sample log?
To ensure the Palo Alto add-on functions properly, make sure the syslog header is not included in your log.

If you have a syslog header, add the line below to your inputs.conf:

no_appending_timestamp = true

Regards,
Prewin
🌟If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

0 Karma
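
To answer the question in the reply above (does the event include a syslog header?), raw events can be checked before touching inputs.conf. The script below is an added example, not part of any post in this thread and not code from the add-on; the sample events, host names and serial number are constructed, and the comma-separated payload layout is an assumption made for the samples.

```python
import re
from collections import Counter

# RFC 5424 header: <PRI>VERSION, timestamp, host, app, procid, msgid, structured data.
RFC5424 = re.compile(r"^<\d{1,3}>\d{1,2} \S+ \S+ \S+ \S+ \S+ (?:-|(?:\[[^\]]*\])+) ")
# RFC 3164 (BSD) header: optional <PRI>, "Mmm dd hh:mm:ss", then a host token.
RFC3164 = re.compile(r"^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ")
# A bare <PRI> with no recognisable timestamp/host after it.
PRI_ONLY = re.compile(r"^<\d{1,3}>")

def classify(event):
    """Return (header_kind, payload) for one raw event line."""
    for kind, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164), ("pri-only", PRI_ONLY)):
        m = rx.match(event)
        if m:
            return kind, event[m.end():]
    return "none", event

def audit(events):
    """Count how many events carry each kind of leading header."""
    return Counter(classify(e)[0] for e in events)

# Constructed sample events (not taken from the thread).
SAMPLES = [
    "<14>Nov 14 10:30:19 fw01 1,2025/11/14 10:30:19,001234567890,TRAFFIC,end",
    "<14>1 2025-11-14T10:30:19Z fw01 - - - - 1,2025/11/14 10:30:19,001234567890,THREAT,url",
    "Nov 14 10:30:20 10.0.0.1 1,2025/11/14 10:30:20,001234567890,SYSTEM,general",
    "1,2025/11/14 10:30:21,001234567890,TRAFFIC,start",
]

if __name__ == "__main__":
    for e in SAMPLES:
        kind, payload = classify(e)
        print(f"{kind:8} payload starts: {payload[:24]!r}")
    print(dict(audit(SAMPLES)))
```

Feed it lines exported from a search over the affected index (or from a packet capture on the HF) in place of SAMPLES; any count other than "none" means a header precedes the firewall payload.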

inventsekar
SplunkTrust
 I installed the Splunk Add-on for Palo Alto Networks on the deployment server and pushed the TA to the HF, indexers, and search head.

From the DS, did you push the TA to the indexers and search heads?

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma