Running the latest PAN FW App and Add On Splunk 7.02
I followed troubleshooting steps to no avail. URLs are reported by a regular search. After a bit of investigation it looks like there's no event type "pan_url" that is used in the datamodel. So, you you run a simple query such as
eventtype="pan_threat" it returns results, including URLs but
eventtype="pan_url" comes empty.
Any idea?
↧