×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
aaronhentschel
New Member
Member since: ‎03-23-2017
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-23-2017
Activity Feed
View All

Re: Palo Alto Networks App and Add-on for Splunk: ...

by in All Apps and Add-ons
‎03-23-2017 09:48 PM
‎03-23-2017 09:48 PM
Sorry, I just realised that your Settings of the "source User" filter look different to mine. My Token Prefix is: log.user=" and my Token Suffix is " I remove the quotes and it now works. ... View more

Re: Palo Alto Networks App and Add-on for Splunk: ...

by in All Apps and Add-ons
‎03-23-2017 09:43 PM
‎03-23-2017 09:43 PM
Thanks adonio. Even I place a * in the Source User field it still returns no results 😞 The other filter fields work fine, it is just the Source User filter. ... View more

Re: Palo Alto Networks App and Add-on for Splunk: ...

by in All Apps and Add-ons
‎03-23-2017 07:16 PM
‎03-23-2017 07:16 PM
Thanks Adonio. That has certainly helped, but while that works perfectly for the "Traffic Dashboard", if I try and filter on the "Web Activity Report" it seems the "Source User" filter has no effect while the "Source IP" and "Destination Hostname" filters work fine. It would be great to be able to filter within the "Web Activity Report" by user. Do you see the same issue in your environment? ... View more

Palo Alto Networks App and Add-on for Splunk: How ...

by in All Apps and Add-ons
‎03-23-2017 02:56 PM
‎03-23-2017 02:56 PM
We are trying to determine the best way to provide a user activity report from our Palo Alto logs and are having trouble with the appropriate Splunk search. Something to show "total bytes for each destination hostname grouped by user over a nominated time period" . Could anyone provide any advice on how that search could be written? Obviously we are rather new to Splunk but have the search basics in hand, just not more advanced search syntax. We are using Splunk 6.5.2, Palo Alto Networks Add-on for Splunk 3.7.1 and Palo Alto Networks App for Splunk 5.3.1. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM