I installed the Palo Alto Networks App for Splunk on the Splunk Enterprise server and was able to pull data into the app, but I was reading that it wasn't a recommended setup. So, I pushed the app out to the universal forwarder. I haven't been able to get PA data to the indexer since. Can someone help?
↧