https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/splunk-and-palo-alto-networks-integration-in-aws-log-data/m-p/555221#M1970 <P><SPAN>Check the parsing and indexing configuration in Splunk. Splunk uses regular expressions and configurations to extract and index data. Ensure that your Splunk configuration aligns with the log format used by Palo Alto Networks devices. Misconfigured or incomplete parsing rules could lead to discrepancies.&nbsp;Timestamps are crucial for accurate log analysis. Ensure that the timestamps in your log data are correctly parsed and indexed in Splunk. If the timestamps are mismatched or not aligned properly, it can lead to discrepancies between the PAN-OS console and Splunk.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN><FONT size="1 2 3 4 5 6 7"><A href="https://www.paybyplatema.ltd/" target="_self"><FONT color="#FFFFFF">PaybyPlateMa Invoice</FONT></A></FONT><BR /></SPAN></P> Fri, 25 Aug 2023 04:31:42 GMT uthhab2 2023-08-25T04:31:42Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/splunk-and-palo-alto-networks-integration-in-aws-log-data/m-p/554802#M1961 <P>Hello,</P> <P>&nbsp;</P> <P>Recently, in our organization, we undertook the task of integrating Splunk with our existing Palo Alto Networks infrastructure within our AWS environment. The integration process was fairly smooth, and we were eager to begin monitoring and analyzing our network logs using Splunk's capabilities.</P> <P>However, as we started to deep dive into the log data, we noticed certain discrepancies. Some log entries, when visualized in Splunk, appear differently than when they're viewed directly in the PAN-OS console. This has raised concerns about the accuracy and consistency of the data we're analyzing.</P> <P>I wanted to reach out and see if anyone in this community has faced a similar issue. Specifically:</P> <P data-unlink="true">Have you observed any discrepancies in log data between the PAN-OS&nbsp; and Splunk&nbsp; console in your integrations?<BR />If so, what measures did you take to address or troubleshoot the problem?</P> <P>&nbsp;</P> <P>Thanks in advance!</P> Wed, 23 Aug 2023 08:23:35 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/splunk-and-palo-alto-networks-integration-in-aws-log-data/m-p/554802#M1961 miasmith500 2023-08-23T08:23:35Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/splunk-and-palo-alto-networks-integration-in-aws-log-data/m-p/555002#M1967 <P><SPAN>Yes, discrepancies between log data in Palo Alto Networks (PAN-OS) and Splunk integrations can occur due to parsing, timestamps, and data processing differences.&nbsp;Verify data integrity and consistent log generation. Review parsing and indexing settings in Splunk to match log format. Ensure timestamp consistency and timezones. Manually compare raw log entries in both systems. Consult documentation, support, and experts if discrepancies persist.</SPAN></P> Thu, 24 Aug 2023 07:01:21 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/splunk-and-palo-alto-networks-integration-in-aws-log-data/m-p/555002#M1967 uthhab2 2023-08-24T07:01:21Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/splunk-and-palo-alto-networks-integration-in-aws-log-data/m-p/555221#M1970 <P><SPAN>Check the parsing and indexing configuration in Splunk. Splunk uses regular expressions and configurations to extract and index data. Ensure that your Splunk configuration aligns with the log format used by Palo Alto Networks devices. Misconfigured or incomplete parsing rules could lead to discrepancies.&nbsp;Timestamps are crucial for accurate log analysis. Ensure that the timestamps in your log data are correctly parsed and indexed in Splunk. If the timestamps are mismatched or not aligned properly, it can lead to discrepancies between the PAN-OS console and Splunk.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN><FONT size="1 2 3 4 5 6 7"><A href="https://www.paybyplatema.ltd/" target="_self"><FONT color="#FFFFFF">PaybyPlateMa Invoice</FONT></A></FONT><BR /></SPAN></P> Fri, 25 Aug 2023 04:31:42 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/splunk-and-palo-alto-networks-integration-in-aws-log-data/m-p/555221#M1970 uthhab2 2023-08-25T04:31:42Z