We forward all config logs from our Palo Alto Networks firewall directly into Splunk
I can see that the config logs show up in Splunk but I don't see any info on the before and after change fields
when I look at the source within Splunk, that info isn't in it but it shows in the PAN config logs on the firewall itself
I want to create a report that within Splunk that shows all firewall config changes, including the before and after (kind of pointless without it).
any idea what is wrong?