I am having trouble with the app Splunk for Palo Alto Networks.
I have a brand new install of Splunk 6.2.0 (build 237341) with only the
one app installed: Splunk for Palo Alto Networks version 4.1.3.
The PAN is a PA-7050 running version 6.1.0.
I did follow the instructions to install the app and included the required line in inputs.conf.
no_appending_timestamp = true
On the PAN side I'm sending config and system syslogs to Splunk, and at this point I do get some data.
So the server is receiving data. I now add some policies on the PAN to log forward.
When I do the commit command on the PAN, I get a brief spike on the Event Types graph in Splunk.
But then I get no new data being charted, just the few entries on the graph for general.
All other graphs on the Overview screen are also reporting 0.
When I do a search for index=pan*, I only get events from sourcetype = pan_system and pan_config.
No data from the log-forwarding policies.
Does anyone else have this problem of logs not being seen in Splunk using this App?
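An added diagnostic, not from the post or from the Splunk app: it reads raw PAN-OS syslog text as received on the collector, pulls the log Type field, and reports which types (SYSTEM, CONFIG, TRAFFIC, THREAT) actually arrive, which separates "the firewall never sent TRAFFIC records" from "Splunk received them but did not index them". The sample lines are constructed, and the position of the Type field (fourth CSV field) is an assumption about the PAN-OS syslog format.

```python
import re
from collections import Counter

# Constructed sample in PAN-OS CSV syslog format (not taken from the post).
SAMPLE_SYSLOG = """\
<14>Nov 20 10:00:01 pa-7050 1,2014/11/20 10:00:01,001234567890,SYSTEM,general,0,2014/11/20 10:00:01,,general,,0,0,general,informational,Commit job succeeded
<14>Nov 20 10:00:02 pa-7050 1,2014/11/20 10:00:02,001234567890,CONFIG,0,0,2014/11/20 10:00:02,10.0.0.5,,set,admin,Web,Succeeded, config shared log-settings
<14>Nov 20 10:00:03 pa-7050 1,2014/11/20 10:00:03,001234567890,TRAFFIC,end,1,2014/11/20 10:00:03,10.0.0.10,93.184.216.34,0.0.0.0,0.0.0.0,allow-web,,,ssl,vsys1,trust,untrust,ethernet1/1,ethernet1/2,default,2014/11/20 10:00:03,12345,1,51234,443,0,0,0x0,tcp,allow
not a pan line at all
"""

# "<PRI>Mon DD HH:MM:SS host " syslog header; the remainder is the PAN-OS CSV body.
SYSLOG_HEADER = re.compile(r"^<\d+>\w{3}\s+\d{1,2}\s+[\d:]+\s+\S+\s+(?P<body>.*)$")

# Assumption: in the PAN-OS CSV body the Type field (SYSTEM, CONFIG, TRAFFIC,
# THREAT) is the fourth comma-separated field (index 3).
TYPE_FIELD_INDEX = 3


def pan_log_type(line):
    """Return the PAN-OS log Type of one syslog line, or None if it does not parse."""
    m = SYSLOG_HEADER.match(line.strip())
    if not m:
        return None
    fields = m.group("body").split(",")
    if len(fields) <= TYPE_FIELD_INDEX:
        return None
    return fields[TYPE_FIELD_INDEX].strip() or None


def count_log_types(text):
    """Count lines per PAN-OS log type; unparseable lines are counted under 'UNPARSED'."""
    counts = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        counts[pan_log_type(line) or "UNPARSED"] += 1
    return counts


def missing_log_types(text, expected=("TRAFFIC", "THREAT")):
    """Expected types (those a log-forwarding profile should send) that never appear."""
    seen = count_log_types(text)
    return sorted(t for t in expected if seen[t] == 0)


if __name__ == "__main__":
    # Point this at a raw capture of what the collector received (for example
    # the file a syslog daemon writes) to see which log types actually arrive.
    print(dict(count_log_types(SAMPLE_SYSLOG)))
    print("missing:", missing_log_types(SAMPLE_SYSLOG))
```

If TRAFFIC lines are present in the raw capture but absent from index=pan*, the problem is on the Splunk side (input, sourcetype or index routing); if they are absent from the capture, the firewall's log-forwarding profile is not sending them.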