The newer version of Splunk's CEF App will rely on the data models to extract data. Based on that, you will need to use the wizard based on the Network Traffic data model to get the data out for PAN. If you want to constrain to just PAN and not other data in the network traffic data model, clone the network traffic data model and add a constraint to isolate on the PAN. The search will be generated and the output.conf file will need to be deployed to the indexers. The mapping in the CEF app will allow you to place specific values into CEF fields.
... View more