https://live.paloaltonetworks.com/t5/general-topics/palo-alto-splunk-syslog-view/m-p/335227#M84495 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;</P><P>&nbsp;</P><P>I don't think so it is vsys, because it is mentioned in the last stage of format.&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>venky</P> Thu, 25 Jun 2020 08:38:13 GMT Venkatesan_radhakrishnan 2020-06-25T08:38:13Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-splunk-syslog-view/m-p/335195#M84491 <DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>Hi Community,</P><P>&nbsp;</P><P>While exporting syslog from palo alto splunk in default format, what is the default format for config logs.</P><P>&nbsp;</P><P>Where I can see the default format. Next to hostname what is that value "1" where it comes from?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="output.jpg" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/26403iB35A67C0FFFAA6A5/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="output.jpg" alt="output.jpg" /></span></P> Thu, 25 Jun 2020 06:45:29 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-splunk-syslog-view/m-p/335195#M84491 Venkatesan_radhakrishnan 2020-06-25T06:45:29Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-splunk-syslog-view/m-p/335223#M84494 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/97701">@Venkatesan_radhakrishnan</a> ,</P> <P>&nbsp;</P> <P>Guessing that will be vsys:</P> <P>&nbsp;</P> <P>CEF-style format that was used for Config log type :</P> <P>&nbsp;</P> <P><EM>CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$result|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial shost=$host cs3Label=Virtual System cs3=$vsys act=$cmd duser=$admin destinationServiceName=$client msg=$path externalId=$seqno PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags cs1Label=Before Change Detail cs1=$before-change-detail cs2Label=After Change Detail cs2=$after-change-detail</EM></P> <P>&nbsp;</P> <P>Check out all other CEF-style formats :</P> <P><A href="https://docs.paloaltonetworks.com/resources/cef.html" target="_blank" rel="noopener">Common Event Format (CEF) Configuration Guides</A>&nbsp;</P> <P>&nbsp;</P> <P>Hope this helps,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 25 Jun 2020 08:34:54 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-splunk-syslog-view/m-p/335223#M84494 kiwi 2020-06-25T08:34:54Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-splunk-syslog-view/m-p/335227#M84495 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;</P><P>&nbsp;</P><P>I don't think so it is vsys, because it is mentioned in the last stage of format.&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>venky</P> Thu, 25 Jun 2020 08:38:13 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-splunk-syslog-view/m-p/335227#M84495 Venkatesan_radhakrishnan 2020-06-25T08:38:13Z https://live.paloaltonetworks.com/t5/general-topics/palo-alto-splunk-syslog-view/m-p/335409#M84527 <P>Hi Community,</P><P>&nbsp;</P><P>Did you guess know what that value "1"</P><P>&nbsp;</P><DIV class="shared-eventsviewer-shared-rawfield"><DIV class="raw-event normal wrap "><SPAN class="t h">Jun</SPAN><SPAN>&nbsp;</SPAN><SPAN class="t">25</SPAN><SPAN>&nbsp;</SPAN><SPAN class="t">11:44:54</SPAN><SPAN>&nbsp;</SPAN><SPAN class="t">172.16.3.30</SPAN><SPAN>&nbsp;</SPAN><SPAN class="t">Jun</SPAN><SPAN>&nbsp;</SPAN><SPAN class="t">25</SPAN><SPAN>&nbsp;</SPAN><SPAN class="t">22:52:00</SPAN><SPAN>&nbsp;</SPAN><SPAN class="t">PA-VM</SPAN><SPAN>&nbsp;</SPAN><STRONG><SPAN class="t a"><SPAN class="t">1</SPAN></SPAN></STRONG>,<SPAN class="t">2020/06/25</SPAN><SPAN>&nbsp;</SPAN><SPAN class="t">22:52:00</SPAN>,<SPAN class="t">015351000048743</SPAN>,<SPAN class="t">CONFIG</SPAN>,<SPAN class="t">0</SPAN>,<SPAN class="t">0</SPAN>,<SPAN class="t">2020/06/25</SPAN><SPAN>&nbsp;</SPAN><SPAN class="t">22:52:00</SPAN>,<SPAN class="t">192.168.167.94</SPAN>,,<SPAN class="t">commit</SPAN>,<SPAN class="t">venky</SPAN>,<SPAN class="t">Web</SPAN>,<SPAN class="t">Submitted</SPAN>,,<SPAN class="t">9377</SPAN>,<SPAN class="t">0x0</SPAN>,<SPAN class="t">0</SPAN>,<SPAN class="t">0</SPAN>,<SPAN class="t">0</SPAN>,<SPAN class="t">0</SPAN>,,<SPAN class="t">PA-VM</SPAN></DIV></DIV> Thu, 25 Jun 2020 18:57:58 GMT https://live.paloaltonetworks.com/t5/general-topics/palo-alto-splunk-syslog-view/m-p/335409#M84527 Venkatesan_radhakrishnan 2020-06-25T18:57:58Z