Solved: Can Splunk for Palo Alto Networks app index data o...

ctheidea · ‎07-15-2014

Sorry I'm Splunk newbie.

I have Palo Alto Logs into Splunk (realtime).

I'm installed Splunk for Palo Alto Networks and Config without WildFire Config.

Can I use this app without WildFire. ( I mean Splunk for Pal Alto Network can index data from Palo Alto Networks without WildFire? )

Sorry my English, I'm learning 🙂

Thankyou

barakreeves · ‎07-15-2014

You do not need a WildFire account to get good value out of the PaloAlto Network app for Splunk. The app will work great without the subscription. Remember, at anytime, you can correlate PaloAlto Network data with any other data source, such as AD or Windows security EventLogs by going into search and type: index=pan_logs OR index=msad

Happy Splunking,
Barak

View solution in original post

barakreeves · ‎07-15-2014

You do not need a WildFire account to get good value out of the PaloAlto Network app for Splunk. The app will work great without the subscription. Remember, at anytime, you can correlate PaloAlto Network data with any other data source, such as AD or Windows security EventLogs by going into search and type: index=pan_logs OR index=msad

Happy Splunking,
Barak

ctheidea · ‎07-15-2014

Thank you for advice 🙂

Can Splunk for Palo Alto Networks app index data on my network without WildFire?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life