Pantag errors out when search result returns multiple users to use for Dynamic User Groups.

PaloAltoNetworks / Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.

https://splunk.paloaltonetworks.com

ISC License

103 stars 50 forks source link

Pantag errors out when search result returns multiple users to use for Dynamic User Groups. #152

Open elchavitodlocho opened 3 years ago

elchavitodlocho commented 3 years ago

Call to Pantag to create dynamic user groups fails with: _External search command 'pantag' returned error code 2. Script output = "ERROR 'name' ".__ when splunk search returns multiple users for updating.

Example of search and Pantag call:

host="10.42.2.22" auth_method="802.1x" ironman | pantag device="10.12.240.120" tag="Avengers" user_field="source_username" action="adduser"

welcome-to-palo-alto-networks[bot] commented 3 years ago

:tada: Thanks for opening your first issue here! Welcome to the community!