See below... I'm getting everything but the desired result, which is just HTTP traffic...
Apr 10 15:17:21 SERVERNAME 1,2020/04/10: 15:17:21,001701015474,TRAFFIC,end,2305,2020/04/10 15:17:21,10.122.32.37,10.122.32.11,0.0.0.0,0.0.0.0,Zone Serveurs,DOMAIN\USERNAME,,dns,vsys1,Zone_Serveurs,Zone_Serveurs,ethernet1/1,ethernet1/1,ORG_LNF_SPLUNK,2020/04/10 15:17:21,395726,1,55482,53,0,0,0x19,udp,allow,464,166,298,4,2020/04/10 15:16:49,30,any,0,42206599365,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,2,2,aged-out,0,0,0,0,,SERVERNAME,from-policy,,,0,,0,,N/A,0,0,0,0,a91acf34-1547-4075-8c84-8c26d0469102,0,0,,,,,,,
action = allowed
host = spm1052
index = paloaltologs
source = /logs/paloalto.log
sourcetype = pan:traffic
type = TRAFFIC
user = DOMAIN\USERNAME