sm-biz
commented
6 years ago Your panos-traffic-* index pattern is missing the fields 'SourceUser.keyword'
If you're using the *.json files provided, the only reason I can think of that happening is that your source data has never included a SourceUser field, and therefore the index pattern has never seen it. The field may be missing from your data if User-ID isn't setup, or if PAN-OS specific fields are not being exported
Have you got 'PAN-OS field export' ticked in the Syslog Profile? And if so, do you have any user-id data in your logs, when you check the 'Monitor' tab?
jersam
Any idea why on Application Dashboard the section for top10 apps comes up with