Does anyone have any recommendations on how to tune the logs for the App for Palo Alto?
I found the following Splunk Answers article that I've applied:
https://answers.splunk.com/answers/740273/how-to-filter-out-informational-logs-from-palo-alt.html
But with this change, a few dashboards just don't display events. I'm thinking that maybe I need to apply some filtering to the different sourcetype instead of the global pan:log.