I guess the problem I'm really running into is that in the setup instructions there isn't really a place where it says do x, y, z for creating this index type, so I assumed you had to create one like mentioned under upgrade. This is a fresh install, and if I follow the setup instructions exactly I get no data, but if I create an index pan_logs using my standard index.conf file I can at least pull data using index=pan_logs and get a return. If I use something like host=x.x.x.x or eventtype=pan I don't get any data returned. If I remove the index, of course, I don't get any data out. So do I need to create event types? I see eventtypes listed when I get my index search, but ONLY if I search by index=... What am I missing here?