Splunk Version 6.2.1
Palo Alto Networks APP 6.0.1
The index seems to be correctly configured because I receive data if I search "eventtype=pan" or index="pan_logs" in the App itself.
But I have no data at all under Activity, Threats or Operations tab...
I followed the troubleshooting steps available but found nothing, only something about NTP and time settings, but it's not clear that the NTP problem would make the data not appear at all.
And the timestamp of logs seems correct:
What else can I check? This is my first configuration on Splunk and I may have missed something.
Thanks for the help!
Yes, I have some working dashboards, but only for other Apps, like the network ones.
The Add-on is 6.0.2, but I think I don't need this Add-on; I have configured nothing on it.
Firewall Event, Latest event code is this one:
pan_tstats count FROM
node(log.system) $serialnumber$ $vsys$ $description$ $logsubtype$ $severity$ $eventid$ `table(time log.serialnumber log.description log.logsubtype log.severity log.eventid)` | sort -time