Getting Data In

Palo Alto Networks config logs not showing before and after info

Path Finder

We forward all config logs from our Palo Alto Networks firewall directly into Splunk

I can see that the config logs show up in Splunk but I don't see any info on the before and after change fields

when I look at the source within Splunk, that info isn't in it but it shows in the PAN config logs on the firewall itself

I want to create a report that within Splunk that shows all firewall config changes, including the before and after (kind of pointless without it).

any idea what is wrong?


Labels (1)
0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!