Re: Issue with Palo Alto apps

gskorski · ‎03-02-2012

I have an issue with the Palo Alto apps.
It seems that the transforms doesn't work.
I can see my Palo Alto logs in the search apps but nothing in the Palo Alto apps.
I'm running the latest version 1.2.0 and Splunk v4.3.

Can you help me?

willthames2 · ‎04-02-2012

We have the exact same problem. Interesting to know if anyone has a solution. sourcetype=pan_log finds lots of logs containing the regex ,TRAFFIC, as per transforms.conf

gskorski · ‎03-05-2012

The issue is that the sourcetype is not renamed. So the application doesn't find any logs.

MarioM · ‎03-05-2012

This rename expect to find THREAT,TRAFFIC,CONFIG,SYSTEM, keywords in your Palo Alto data

And origin sourcetype need to be pan_log

MarioM · ‎03-03-2012

As Splunk indexes your Palo Alto Networks firewall data, the app will rename the sourcetypes to pan_threat, pan_traffic, pan_config, and pan_system depending on the logging facility in your firewall.

This rename expect to find THREAT,TRAFFIC,CONFIG,SYSTEM, keywords in your Palo Alto data

And origin sourcetype need to be pan_log

gskorski · ‎03-08-2012

I know that.

The sourcetype is well configured as pan_log, and I can find THREAT, TRAFFIC, CONFIG and SYSTEM keyword in the logs but the app doesn't display anything.

Issue with Palo Alto apps

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?