Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Palo alto Strata logging service logs

Splunkers2
Observer
‎04-03-2025 12:42 AM
Hi,
 
I have onboarded palo-alto traffic and threat logs via HEC and SLS (Strata logging service). These logs are JSON logs and as the documentation they should come under sourcetype=pan:firewall_cloud.All our dashboards are set up expecting traffic logs under pan:traffic and threat logs under pan:threat.
 
Having checked the props.conf and transforms.conf for sourcetype=pan:firewall_cloud, there is no rule to route the logs to pan:threat or pan:traffic.
how is everyone dealing with this situation ? appreciate any workarounds or suggestions in general. This seems to be big issue anyone using SLS (strata logging service).Thanks.
 
Labels (2)
Labels
0 Karma
Reply

Vardhan
Contributor
‎04-23-2025 03:35 AM

Hi ,

If you are sending logs from On prem Panorama consoles to Splunk and using Palo Alto addon. The logs will go to pan:traffic . However, if you are sending logs from Strata console via HEC the logs will be in Json format and the right sourcetype to use is pan:firewall_cloud. 

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...