I'm experiencing an issue with getting data into my Splunk index for pan_logs.
It was working for a time and then something changed. I can see the logs hitting my heavy forwarders if I do a tcpdump on the port the inputs.conf stanza is configured for. I have the Palo Alto app installed on the heavy forwarder to process all the transforms and props. The problem is that I'm not getting any data into the pan_logs index. I have tried updating the app on the heavy forwarder but no luck. The index exists.
Any suggestions?