I'm new to Splunk Enterprise after completing a trial of Splunk Cloud. I am attempting to have data flow from my Panorama and when I look at the monitor tab, I am seeing UDP 514 data flowing to the target server address in the firewall.
Since this is currently my only app after installing Splunk Enterprise and looking at all the previous questions for this app, I have attempted to change up multiple inputs.conf files with what has been given here as well as the http://pansplunk.readthedocs.io/ site for getting started. However I seem to have nothing being picked up by Splunk in the way of data. Once I have configured the inputs.conf file in the correct local folder on the TA app directory, I go to my app and this is the message that I currently receive:
Received event for unconfigured/disabled/deleted index=pan_logs with source="source::udp:514" host="host::x.x.x.x" sourcetype="sourcetype::pan:traffic".
So far received events from 1 missing index(es) where the host is an IP address of my primary firewall and not my Panorama. Any help that can be shed on what I am seeing is greatly appreciated.
↧