Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
I have deployed the Palo Alto add-on for Splunk and am having difficulties displaying data in dashboards. I do see data in the index "pan_logs". Also, I see that events received from the forwarder are getting correlated properly by the add-on, as sourcetype=pan_logs is getting converted to pan:threats, pan:traffic, pan:userid, etc. Please assist me in troubleshooting this issue.