Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About prescilianoneto
prescilianoneto
Path Finder
Member since:
01-10-2018
06-05-2020
Community Statistics
| Posts | 14 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 4 |
| Member Since | 01-10-2018 |
Activity Feed
- Got Karma for Could you please fix the app?. 06-05-2020 12:49 AM
- Got Karma for Re: Why isn't the Splunk REST API able to pull data frequently?. 06-05-2020 12:49 AM
- Got Karma for Re: How to extract x-forwaded-for out of Cloudflare logs. 06-05-2020 12:49 AM
- Got Karma for Re: Why are there Palo Alto App Empty Dashboards on Splunk Cloud?. 06-05-2020 12:49 AM
- Posted Re: Why isn't the Splunk REST API able to pull data frequently? on All Apps and Add-ons. 07-31-2018 03:02 PM
- Posted Re: Why isn't the Splunk REST API able to pull data frequently? on All Apps and Add-ons. 07-30-2018 12:49 PM
- Posted Re: Why isn't the Splunk REST API able to pull data frequently? on All Apps and Add-ons. 07-30-2018 11:28 AM
- Posted Re: How to extract x-forwaded-for out of Cloudflare logs on All Apps and Add-ons. 06-12-2018 12:49 PM
- Posted Re: Could you please fix the app? on All Apps and Add-ons. 03-19-2018 12:14 PM
- Posted Re: Could you please fix the app? on All Apps and Add-ons. 03-19-2018 12:12 PM
- Posted Re: Why are there Palo Alto App Empty Dashboards on Splunk Cloud? on All Apps and Add-ons. 02-07-2018 10:56 AM
- Posted Re: Why are there Palo Alto App Empty Dashboards on Splunk Cloud? on All Apps and Add-ons. 02-07-2018 05:31 AM
- Posted Re: Why are there Palo Alto App Empty Dashboards on Splunk Cloud? on All Apps and Add-ons. 02-06-2018 11:37 AM
- Posted Re: Why are there Palo Alto App Empty Dashboards on Splunk Cloud? on All Apps and Add-ons. 02-06-2018 11:30 AM
- Posted Why are there Palo Alto App Empty Dashboards on Splunk Cloud? on All Apps and Add-ons. 02-06-2018 10:43 AM
- Tagged Why are there Palo Alto App Empty Dashboards on Splunk Cloud? on All Apps and Add-ons. 02-06-2018 10:43 AM
- Tagged Why are there Palo Alto App Empty Dashboards on Splunk Cloud? on All Apps and Add-ons. 02-06-2018 10:43 AM
- Tagged Why are there Palo Alto App Empty Dashboards on Splunk Cloud? on All Apps and Add-ons. 02-06-2018 10:43 AM
- Posted Re: Could you please fix the app? on All Apps and Add-ons. 01-30-2018 11:23 AM
- Posted Re: Could you please fix the app? on All Apps and Add-ons. 01-11-2018 10:04 AM
Topics I've Started
07-31-2018
03:02 PM
1 Karma
No problem, I wrote my own code and now it is publicly available: https://github.com/presciliano/cloudflarelogstosplunk
... View more
07-30-2018
12:49 PM
Awesome. Is it publicly available? If not, could you please share it with me?
... View more
07-30-2018
11:28 AM
Hello Venky
Did you manage to solve this problem and send Cloudflare logs to Splunk? I'm trying the same here, so any advice will be greatly appreciated.
Cheers,
Presciliano
... View more
06-12-2018
12:49 PM
1 Karma
Hello rgraham4,
How did you manage to pull the Cloudflare ELS logs to Splunk?
Best Regards,
Presciliano
... View more
03-19-2018
12:14 PM
Hello Carlos
Have you applied some workaround for this issue?
Best Regards,
Presciliano
... View more
02-07-2018
10:56 AM
1 Karma
Hello, I realized that my forwarder was acting as a LWF instead of a HF after the upgrade. I reinstalled it from scratch, re-applied the same configuration and then everything started to work fine.
... View more
02-07-2018
05:31 AM
Hello micahkmep, I upgraded my Universal Forwarder to a Heavy Forwarder and installed both Palo Alto App and Add-on on it. Then, I configured /opt/splunk/etc/apps/Splunk_TA_paloalto/local/inputs.conf as follows:
[udp://192.168.2.100:514]
sourcetype=pan:log
no_appending_timestamp = true
[udp://192.168.2.150:514]
sourcetype=pan:log
no_appending_timestamp = true
I verified that /opt/splunk/etc/apps/Splunk_TA_paloalto/default/props.conf and /opt/splunk/etc/apps/Splunk_TA_paloalto/default/transforms.conf are in place.
So I restarted splunk, but the events are still being presented as pan:log in the search header.
How do I troubleshoot it?
... View more
02-06-2018
11:37 AM
Ok, so I just don't understand how it worked before. I always had a Universal Forwarder.
However, as your answer makes sense, I'll try to upgrade it.
Thank you
... View more
02-06-2018
11:30 AM
But I already have a Universal Forwarder, is really need to upgrade it? I forgot to mention that dashboards worked fine after Palo Alto App and Add-on initial installation, they stopped working after some time.
... View more
02-06-2018
10:43 AM
Hello,
Our firewall events are flowing to our Splunk Cloud environment however all the events have the sourcetype pan:log instead of pan:traffic, pan:config, pan:threats, etc. This results in empty Palo Alto App dashboards.
I tried to ask for Splunk Cloud support, however they told me that "the Palo Alto app and add-on are not splunk supported".
My guess is that the Palo Alto Add-on is not installed on the indexers. The "Manage Apps" Splunk menu shows only the App, not the Add-on. I know that the add-on is installed because it appears in the main menu. I would try to uninstall and reinstall the add-on by myself but I don't have access to.
Most of the Palo Alto documentation refers to a single instance environment, so I'm not sure about how to do solve this issue in Splunk Cloud.
Any advice? It seems that I need to ask the Splunk Cloud Support guys exactly what they need to do to solve the problem, and I'm neither a Splunk nor Palo Alto expert.
Best Regards,
Presciliano
... View more
01-11-2018
10:04 AM
Thank you, Evan. I'll wait for your official build since I am running Splunk Cloud and I can't modify the install by myself. And I am afraid that Splunk Cloud Support won't do that either.
... View more
01-10-2018
05:23 AM
1 Karma
Currently, the app doesn't work. The API calls should be to api.github.com/repos/owner/... instead of api.github.com/api/v3/repos/owner/..
... View more
