Palo Alto Networks config logs not showing before and after info

We forward all config logs from our Palo Alto Networks firewall directly into Splunk.

I can see that the config logs show up in Splunk, but I don't see any info on the before and after change fields.

When I look at the source within Splunk, that info isn't in it, but it shows in the PAN config logs on the firewall itself.

I want to create a report within Splunk that shows all firewall config changes, including the before and after (kind of pointless without it).

Any idea what is wrong?

