All Apps and Add-ons

Why is Splunk for Palo Alto Networks app not displaying traffic dashboard?

New Member

Every dashboard working but Traffic dashboard.."Search is waiting for input..." Splunk 6.1 and PA app 4.1.1

0 Karma

Builder

Hello,

All the dashboards work off the same datamodel, so if one dashboard is showing data but the others aren't, it's probably because the firewall isn't sending the other kinds of syslogs (like threat, config, system, etc). You can use the troubleshooting guide to try and send config logs and see if they show up in the config dashboard:

Splunk for Palo Alto Networks App - Troubleshooting guide:
https://live.paloaltonetworks.com/docs/DOC-6593

0 Karma

New Member

confirmed all in the troubleshooting guide is correct.. however, I get data with this search, index=panlogs but not this one: index=panlogs sourcetype=config

0 Karma