All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

web activity dashboard

ewongpsc
Explorer
‎05-15-2019 07:30 AM

Hi,

Currently all my dashboards are working except the web activity dashboard. I only have a few results and I have been checking frequently.

i found this thread here about it - https://answers.splunk.com/answers/684808/palo-alto-networks-app-why-is-our-web-activity-das.html

if i run a search eventtype="pan_threat", i get a lot of results for the default time (4 hours), but it doesnt seem to be reflected in the dashboard.

any ideas what i should be looking at?

i've looked at the troubleshooting steps located here - https://splunk.paloaltonetworks.com/firewalls-panorama-and-traps.html
Everytime seems to be fine.

I do get data on the dashboard, but doesn't seem to match up on the search

Thanks in advance for your help.

Reply

ewongpsc
Explorer
‎05-15-2019 10:48 AM

i've doubled check this section as well.

https://splunk.paloaltonetworks.com/troubleshoot.html#dashboards-not-working

only pan_firewall datamodel is built, but i think thats all i need.

i have configured props.conf to set the index to my timezone - that is fine.

i've also configured that my inputs is set to palo:log

0 Karma
Reply

ewongpsc
Explorer
‎05-15-2019 07:59 AM

this is my exact search query

index=palo eventtype="pan_threat"

all my palo devices send via tcp to an index called "palo"

0 Karma
Reply

betchim_gerwili
Explorer
‎05-15-2019 07:56 AM

Are you using user input tokens for the time? Would you be able to post the search that you're running?

0 Karma
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

We’ve been shouting it from the rooftops! The findings from the 2023 Splunk Career Impact Report showing that ...

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...