No data in dashboards Palo Alto Dashboards

PaloAltoNetworks / Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.

https://splunk.paloaltonetworks.com

ISC License

103 stars 50 forks source link

No data in dashboards Palo Alto Dashboards #79

Open craigjanzen opened 5 years ago

craigjanzen commented 5 years ago

I have deployed the palo alto addon for splunk and having difficulties displaying data in dashboards. I do see data in the index "pan_logs". Also, I see that events received from the forwarder is getting correlated properly from the add-on as sourcetype=pan_logs are getting converted to pan:threats, pan:traffic, pan:userid etc. Please assist me in troubleshooting this issue.

btorresgil commented 5 years ago

This is very common, please use the troubleshooting guide to troubleshoot. https://splunk.paloaltonetworks.com/troubleshoot.html#dashboards-not-working

Most of the time it is one of these issues:

Timezone mismatch
Index not searched by default in Splunk user settings
Datamodel acceleration off or not fully built