Using Splunk 6.2
Upgraded the Palo Alto Networks App for Splunk from 4.x to 5.0.1 and after waiting for the data models to update to 100%, all of the Content dashboards are populating, but nothing under Threat - all of the dashboard objects show the grey warning triangle and 'tstats' Additionally, within the overview dashboard, the EventTypes panel is blank (no warning, but no data) and the Applications by Destination IP Location shows nothing, where prior it did show locations.
Prior to the upgrade all were working without issue for over a year.
I followed the steps in the upgrade guide and under troubleshooting. Created the inputs.conf file in the correct location for the PA App, deleted the lookups folder from the SplunkforPaloAltoNetworks folder (all default), verified that the data is flowing (as indicated by the Content dashboard and I can view/search the log data).
What did I miss?
↧