in other words, if i search index=pan_logs host=10.10.10.10 sourcetype=pan:threat i will get current data

If i search host=10.10.10.10 sourcetype=pan:threat i get no data

I figured it out.. If you want to index the pan you have to set the index inside the index and eventtype conf files. The other thing i noticed was if you copy and past the ENTIRE example

App version 5.x or Add-on

[udp://514]
sourcetype = pan:log
no_appending_timestamp = true

App version 4.x and 3.x

[udp://514]
index = pan_logs
sourcetype = pan_log
no_appending_timestamp = true

It sets the index to pan_logs since its not commented out. So by removing the line items for app v4 and below it removes the index and when i deleted the index i created for pan_logs making sure it goes back to "default" aka main the app starts to pick up on the logs again.
My 2 cents, there should be a section in the how to install for those who like to index per app or vendor. FireEye gives you a section for this which is how i figured all of this out.

I guess the problem im really running into there is in the set up instructions there isnt really a place where it says do x, y, z for creating this index type so i assumed you had to create one like mentioned under upgrade. This is a fresh install and if i follow the set up instructions exactly i get no data, but if i create an index pan_logs using my standard index.conf file i can at least pull data using index=pan_logs and get a return, if i use something like host=x.x.x.x or eventtype=pan i dont get any data returned. If i remove the index of course i dont get any data out. So do i need to create event types? I see eventtypes listed when i get my index search but ONLY if i search by index=... What am i missing here