I have the same issue. The problem is there is no field called "nodename" in the datamodel. I can not find in the TA anywhere that defines this field, thus it will never match. Thus a lot of the dashboards don't work.
~/Splunk_TA_paloalto
└──╼ grep -ri nodename *| grep -v .js
bin/splunk_ta_paloalto/cloudconnectlib/splunktalib/modinput.py: if doc.nodeName == "input":
bin/splunk_ta_paloalto/solnlib/net_utils.py: # [Errno 8] nodename nor servname provided, or not known
lookups/threat_list.csv:36853,"Advantech WebAcess ActiveX NodeName Parameter Buffer Overflow Vulnerability",overflow,high,"CVE-2014-0764"
lookups/threat_list.csv:36707,"Advantech WebAccess Browser ActiveX NodeName Parameter Buffer Overflow Vulnerability",overflow,high,"CVE-2014-0985"
lookups/threat_list.csv:38655,"Advantech WebAcess ActiveX NodeName Parameter Buffer Overflow Vulnerability","code-execution",medium,"CVE-2014-0764"
... View more