So I'm trying to configure this on a relatively new Splunk install. I have the firewalls sending over some traffic and threat logs. If I search eventtype=pan:log I get results, so my logs are hitting Splunk. However, in the PAN app nothing is appearing. It seems like it is not properly changing it to pan_threat, etc.
I'm relatively new to Splunk, but it feels like this just isn't being indexed correctly. What do I need to do to make sure this gets parsed correctly?
Configuration on 6.5.0; App version 5.2