All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Palo Alto Network App for Splunk: No data showing in GlobalProtect dashboard and some other dashboards

garrywilmeth
Explorer
‎04-06-2020 05:59 PM

Hello,

I am working on upgrading from an older version of the Palo Alto Network App for Splunk. I have installed the TA on all indexers and the APP/TA on the search head. Most of the dashboards are being populated with data, but the GlobalProtect dashboard has nothing. I am seeing info in the pan_logs for GlobalProtect, but I don't see any reference to GP in the Pan Firewall Data Model.

I see that the dashboard panels are making reference to:
datamodel="pan_firewall" WHERE nodename="log.system.globalprotect"

I've looked through the entire data model and don't see any reference to globalprotect.

Splunk Version Version: 7.2.0 Build: 8c86330ac18
Palo Alto Networks Add-on 6.2.0
Palo Alto Networks App for Splunk 6.2.0

Data being sent from firewalls to splunk via UDP input

Thanks,

Garry

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...