My App: Palo Alto Networks is not populating any data. I am able to do searches on my index="pan_logs" and also the host="x.x.x.x".
Any ideas where I can start troubleshooting? Any help is appreciated. Thanks!
First, I recommend upgrading to the latest version of the App (v5.0.x) which no longer uses the pan_logs index. Then, use the getting started guide to get set up, and the troubleshooting guide to figure out what is wrong:
Getting Started:
http://pansplunk.readthedocs.org/en/latest/getting_started.html
Troubleshooting:
http://pansplunk.readthedocs.org/en/latest/troubleshoot.html
Let us know if you're still having trouble after going through the guide.
Start with the job inspector. See if the dashboard searches are failing and if so for what reason. Check index=_internal for ERROR or WARN.