On the HF, your inputs can be installed here:
$SPLUNK_HOME/etc/apps/Splunk_TA_paloalto/local/inputs.conf
Since you are using 3.5.2 you can use the 5.x stanza.
[udp://514]
sourcetype = pan:log
no_appending_timestamp = true
... View more
On the HF your inputs can be installed here:
$SPLUNK_HOME/etc/apps/Splunk_TA_paloalto/local/inputs.conf
Since you are using 3.5.2 you can use the 5.x stanza.
Have you tried this already?
... View more