All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

web activity dashboard

ewongpsc
Explorer
‎05-15-2019 07:30 AM

Hi,

Currently all my dashboards are working except the web activity dashboard. I only have a few results and I have been checking frequently.

i found this thread here about it - https://answers.splunk.com/answers/684808/palo-alto-networks-app-why-is-our-web-activity-das.html

if i run a search eventtype="pan_threat", i get a lot of results for the default time (4 hours), but it doesnt seem to be reflected in the dashboard.

any ideas what i should be looking at?

i've looked at the troubleshooting steps located here - https://splunk.paloaltonetworks.com/firewalls-panorama-and-traps.html
Everytime seems to be fine.

I do get data on the dashboard, but doesn't seem to match up on the search

Thanks in advance for your help.

Reply

ewongpsc
Explorer
‎05-15-2019 10:48 AM

i've doubled check this section as well.

https://splunk.paloaltonetworks.com/troubleshoot.html#dashboards-not-working

only pan_firewall datamodel is built, but i think thats all i need.

i have configured props.conf to set the index to my timezone - that is fine.

i've also configured that my inputs is set to palo:log

0 Karma
Reply

ewongpsc
Explorer
‎05-15-2019 07:59 AM

this is my exact search query

index=palo eventtype="pan_threat"

all my palo devices send via tcp to an index called "palo"

0 Karma
Reply

betchim_gerwili
Explorer
‎05-15-2019 07:56 AM

Are you using user input tokens for the time? Would you be able to post the search that you're running?

0 Karma
Reply
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...