Activity Feed
- Posted Re: Palo Alto Networks App/Add-on not showing data with custom index on All Apps and Add-ons. 02-04-2018 02:20 PM
- Posted Palo Alto Networks App/Add-on not showing data with custom index on All Apps and Add-ons. 01-24-2018 01:06 AM
- Tagged Palo Alto Networks App/Add-on not showing data with custom index on All Apps and Add-ons. 01-24-2018 01:06 AM
- Tagged Palo Alto Networks App/Add-on not showing data with custom index on All Apps and Add-ons. 01-24-2018 01:06 AM
- Tagged Palo Alto Networks App/Add-on not showing data with custom index on All Apps and Add-ons. 01-24-2018 01:06 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
02-04-2018
02:20 PM
@micahkemp, you are in the right track. I found this pull request in the Github repo of the application that points to the solution (still under development):
https://github.com/PaloAltoNetworks/SplunkforPaloAltoNetworks/pull/15
Thanks for answering!
... View more
01-24-2018
01:06 AM
Platform: Splunk and Palo Alto Networks App/Add-on latest release.
Following the installation instructions it looks like you can configure the Palo Alto Networks App/Add-on to a custom index. If I perform a search: index=my_custom_index eventtype=pan within the Add-On, it works. Without indicating the index, it does not.
On top of that the App is unable to populate the dashboards. I have added the local/inputs.conf to the App and Add-on with the configuration:
App version 5.x/6.x with Add-on
[udp://514]
connection_host = ip
index = network
sourcetype = pan:log
no_appending_timestamp = true
But no luck. Has anyone experienced something similar?
Thanks,
D
... View more
