About Ric0

Ric0 · ‎10-05-2020

I only have one Indexer, and I created the pan_logs index. I rebooted my Splunk server. When I check the Palo Alto app, I still do not receive any data. Do I need to reboot the Palo Alto deivce? I have Splunk installed on one server that is my Forwarder and Indexer. I also edited the Index.conf file under $Splunk_Home/etc/apps/local/Palo Alto and then rebooted the server.

Ric0 · ‎10-01-2020

I am running Splunk on Windows Server 2016. I attempted to send Palo Alto logs to Splunk but received the following error, "unconfigured/disabled/deleted index=pan_logs with source = source = udp:515 host = host = x.x.x.x I edited the .conf file a number of times and restarted Splunk. I am following the instructions for the Palo Alto app, add-on, and configurations posted under Splunk Documentation. I believe that I need to re-configure or add an additional indexer, but I am not sure exactly where. Thank you

Posts	2
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎08-07-2020

Online Status	Offline
Date Last Visited	‎10-09-2020 12:49 AM

unconfigured/disabled/deleted index=pan_logs

Re: unconfigured/disabled/deleted index=pan_logs

unconfigured/disabled/deleted index=pan_logs