It looks like you might need to remove the Splunk_TA_nessus from your $SPLUNK_HOME/etc/apps and stick with TA-nessus if you are going to use the Hurricane Labs add on
... View more
I had this error until I created empty files for:
splunk/etc/apps/TA-nessus/lookups/nessus_plugin_lookup.csv
and
splunk/etc/apps/TA-nessus/lookups/nessus_scans.csv
by typing "touch nessus_scans.csv" and "touch nessus_plugin_lookup.csv" in the splunk/etc/apps/TA-nessus/lookups directory
... View more
$SPLUNK_HOME/etc/users/admin/user-prefs/local
Edit user-prefs.com
You define the default app here on the line that looks like this:
default_namespace = search
In this case, the default app would be search; change it to the one you want
... View more
That fixed it for me:
- Edit the "Threat Details" dashboard`s XML (Edit -> Edit Source)
- Locate datamodel="pan_logs" and change it to: datamodel="pan_firewall"
... View more
I get this error "Error in 'TsidxStats': Could not find datamodel: pan_logs"
We are running Splunk Enterprise 6.2 and Splunk for Palo Alto 4.2
... View more