Solved: Re: palo alto app

gisnetsec · ‎05-04-2011

the palo alto app is not making use of the regular data files, can you help me to configure the data source?

kbains · ‎06-14-2011

sourcetype should be pan_log.

kbains · ‎06-14-2011

sourcetype should be pan_log.

gisnetsec · ‎06-07-2011

Just upgraded to 1.2 (thanks), but still no data.

kbains · ‎06-07-2011

Are you using the latest version of the app (1.2)?

kbains · ‎06-06-2011

You need to set the sourcetype to ns_log in your inputs.conf stanza. If you post your inputs.conf stanza, I can verify it is set correctly.

kbains · ‎06-07-2011

I think we should take this offline, could you email bd-labs@splunk.com and we can continue the discussion via email?

gisnetsec · ‎06-07-2011

how is the app mapped to the ns_log sourcetype?

gisnetsec · ‎06-07-2011

I just updated the sourcetype and here is that inputs.conf



[udp://2514]

connection_host = ip

sourcetype = ns_log

no_appending_timestamp = true

I restarted splunk an hour ago and still no data in any PaloAlto dash

palo alto app