All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

web activity dashboard

ewongpsc
Explorer
‎05-15-2019 07:30 AM

Hi,

Currently all my dashboards are working except the web activity dashboard. I only have a few results and I have been checking frequently.

i found this thread here about it - https://answers.splunk.com/answers/684808/palo-alto-networks-app-why-is-our-web-activity-das.html

if i run a search eventtype="pan_threat", i get a lot of results for the default time (4 hours), but it doesnt seem to be reflected in the dashboard.

any ideas what i should be looking at?

i've looked at the troubleshooting steps located here - https://splunk.paloaltonetworks.com/firewalls-panorama-and-traps.html
Everytime seems to be fine.

I do get data on the dashboard, but doesn't seem to match up on the search

Thanks in advance for your help.

Reply

ewongpsc
Explorer
‎05-15-2019 10:48 AM

i've doubled check this section as well.

https://splunk.paloaltonetworks.com/troubleshoot.html#dashboards-not-working

only pan_firewall datamodel is built, but i think thats all i need.

i have configured props.conf to set the index to my timezone - that is fine.

i've also configured that my inputs is set to palo:log

0 Karma
Reply

ewongpsc
Explorer
‎05-15-2019 07:59 AM

this is my exact search query

index=palo eventtype="pan_threat"

all my palo devices send via tcp to an index called "palo"

0 Karma
Reply

betchim_gerwili
Explorer
‎05-15-2019 07:56 AM

Are you using user input tokens for the time? Would you be able to post the search that you're running?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Index This | I am a number but I am countless. What am I?

January 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  Happy New Year! We’re ...

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

PLATFORM TECH TALKS What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience Thursday, February 27, ...