Splunk receives the logs from the PAN firewall and the logs show up with index=pan_logs, but when I try index=pan_logs sourcetype=pan_config, no logs show up. Then I tried sourcetype=pan_logs instead of sourcetype=pan_config. Logs start showing up after that change, but according to the following message, the logs are not getting parsed correctly.
Check that you are not using a Custom Log Format in the syslog server setting on the firewall. "NO custom log in use"
Check that the inputs.conf file is configured with the line "no_appending_timestamp = true". "Yes, the line is in the inputs.conf"
No forwarder is in use.
Not sure how to resolve the parsing issue. PAN firewall version is 6.2.0. Splunk for Palo Alto firewall is version 4.2.1.
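One way to check, from the Splunk side, whether the lines landing under index=pan_logs are in the firewall's default syslog format (the format a per-type sourcetype split such as pan_config depends on): an added Python example, not part of the original post or of the Splunk app, that assumes the PAN-OS default CSV layout in which the fourth comma-separated field is the log type (TRAFFIC, THREAT, CONFIG, SYSTEM) and uses constructed sample lines.

```python
import csv
import re
from io import StringIO

# Log types found in the fourth CSV field of the PAN-OS default syslog
# format (assumption based on the PAN-OS 6.x field order; a custom log
# format on the firewall would not put the type here).
KNOWN_TYPES = {"TRAFFIC", "THREAT", "CONFIG", "SYSTEM", "HIP-MATCH"}

# Syslog header preceding the CSV body, e.g. "Jan 20 11:53:52 fw1 1,...".
SYSLOG_HEADER = re.compile(r"^\w{3}\s+\d{1,2}\s[\d:]{8}\s\S+\s")

def pan_log_type(line):
    """Return the PAN log type of one syslog line, or None if the line
    does not look like the default PAN-OS CSV format."""
    body = SYSLOG_HEADER.sub("", line, count=1)
    try:
        fields = next(csv.reader(StringIO(body)))
    except StopIteration:
        return None
    if len(fields) < 4:
        return None
    log_type = fields[3].strip()
    return log_type if log_type in KNOWN_TYPES else None

def classify(lines):
    """Count lines per log type; lines that do not parse are counted as
    'UNPARSED'. A large UNPARSED bucket points at a custom log format or
    an unexpected syslog header rather than at the Splunk app."""
    counts = {}
    for line in lines:
        key = pan_log_type(line) or "UNPARSED"
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample lines: a TRAFFIC and a CONFIG line in the default
# format, plus one line in a made-up custom (space-separated) format.
SAMPLE = [
    "Jan 20 11:53:52 fw1 1,2015/01/20 11:53:52,001606000117,TRAFFIC,end,1,"
    "2015/01/20 11:53:52,10.1.1.5,8.8.8.8,0.0.0.0,0.0.0.0,allow-dns,,,dns,vsys1",
    'Jan 20 11:55:10 fw1 1,2015/01/20 11:55:10,001606000117,CONFIG,0,0,'
    '2015/01/20 11:55:10,10.1.1.9,,set,admin,Web,Succeeded," vsys vsys1 rulebase"',
    "Jan 20 11:56:00 fw1 TRAFFIC end 10.1.1.5 8.8.8.8 allow",
]

if __name__ == "__main__":
    print(classify(SAMPLE))  # {'TRAFFIC': 1, 'CONFIG': 1, 'UNPARSED': 1}
```

Run it over a few raw lines exported from the pan_logs index (_raw) instead of SAMPLE; if most lines come back UNPARSED, the firewall is not sending the default format the app expects.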