After installing the PaloAlto Networks Add-On using the installation guide and confirming I'm getting logs from the Firewall.
We are getting the following errors:
Could not load lookup=LOOKUP-vendor_info_for_pan_config
In addition none of the dashboards are populating data even though I know there are logs.
Is there additional configuration that needs to be done.
You must add it in the right place. Go to Settings
-> Lookups
-> Lookup Definitions
and search for the reported lookup ( vendor_info_for_pan_config
). There you will see the name of the lookup file being used and the app which should own it. Create/replace the lookup file with the same name in that app and the error will go away.
App - 6.1.0
Add-On - 6.1.0
Yes the file is there and has data in it.
App - 6.1.0
Add-On - 6.1.0
Yes the file is located and has data in it.
What version of the App/Add-on are you using?
Do you have a file in your Splunk_TA_paloalto/lookups
directory called pan_vendor_info.csv
?