
Configuring Data Inputs for PAN Add-on in Splunk Cloud

hashicorpjf
New Member

Hey there! The documentation for configuring the PAN Add-on (found at splunk.paloaltonetworks.com) mentions that TCP/UDP data sources must be configured to get data out of our PAN firewalls; however, Splunk support informed me that this isn't possible due to security restrictions on Splunk Cloud instances. However, without these data sources, I'm not really sure how else to get data into our Splunk Cloud environment (they've mentioned that we can use an HTTP event collector, but the documentation doesn't say much on how to do that).

Has anyone else successfully connected their PAN firewalls/WildFire to Splunk Cloud, and if so, would you be willing to advise me on how to do so?

Thanks!!

0 Karma

woodcock
Esteemed Legend

It is simple. Stand up a syslog-ng server inside of your data center alongside the PANs and send the data to syslog-ng and have it either send to Splunk Cloud HEC or write to file and use a traditional UF:
http://www.georgestarcher.com/splunk-success-with-syslog/
https://www.splunk.com/blog/2017/03/30/syslog-ng-and-hec-scalable-aggregated-data-collection-in-splu...
If you need help, DM me; we do this all the time.

0 Karma
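
The relay described in the answer above, as an added syslog-ng configuration example that is not part of the thread: an on-premises syslog-ng host receives the firewalls' syslog and either posts it to the Splunk Cloud HTTP Event Collector over verified TLS or writes it to per-host files for a Universal Forwarder to monitor. The listener port, the HEC hostname and token placeholders, the `pan:log` sourcetype, the `pan_logs` index and the file path are assumptions; take the sourcetype and index from the add-on documentation for your version.

```conf
# Added example: fragment for a file included from syslog-ng.conf.
# Values in <angle brackets> are placeholders, not real identifiers.

# Listen for syslog from the PAN firewalls (port is an assumption).
source s_pan {
    network(transport("udp") port(514));
    network(transport("tcp") port(514));
};

# Option 1: send straight to the Splunk Cloud HEC event endpoint.
destination d_splunk_hec {
    http(
        url("https://http-inputs-<stack>.splunkcloud.com:443/services/collector/event")
        method("POST")
        # HEC authenticates with a per-input token; keep this file root-only (0600).
        headers("Authorization: Splunk <HEC_TOKEN>")
        # One JSON object per message; HEC accepts several objects in one POST.
        body('$(format-json time=$S_UNIXTIME host=$HOST sourcetype="pan:log" index="pan_logs" event="${MSGHDR}${MSG}")')
        batch-lines(100)
        batch-timeout(1000)      # flush at least once per second (milliseconds)
        workers(4)
        # Verify the Splunk Cloud certificate; do not disable peer verification.
        tls(peer-verify(yes) ca-dir("/etc/ssl/certs"))
        # Spool to disk if the HEC endpoint is unreachable, so events are not dropped.
        disk-buffer(reliable(yes) disk-buf-size(1073741824) mem-buf-size(67108864))
    );
};

# Option 2: write per-firewall files and let a Universal Forwarder monitor them.
destination d_pan_files {
    file("/var/log/pan/$HOST/$YEAR-$MONTH-$DAY.log"
        create-dirs(yes)
        template("${MSGHDR}${MSG}\n")
    );
};

# Use one log path or the other; enabling both would index every event twice.
log { source(s_pan); destination(d_splunk_hec); };
# log { source(s_pan); destination(d_pan_files); };
```

With option 2, the Universal Forwarder needs a monitor input on `/var/log/pan` with the same sourcetype, and the files need rotation so the relay's disk does not fill.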