04-17-2023 08:23 AM
I was trying to see the capabilities of the log retrieval using splunk, and I can retrieve about 115 lines of data from splunk, the splunk job is finished, and there is data being transferred back and forth that can be seen with tcpump, but after a set number of lines the job just sits there, and will never complete. there is adequate disk space. I can view the job in splunk and its complete. Is this simply a wishlist idea that hasn't been fully implemented. I'd like to know that I should just give up trying. Just about to update to expedition_1.2.57.all.deb, but have been running expedition_1.2.56.all.deb, and 55 when trying to get this to work. I have the palo alto splunk add on. I have the palo alto app installed. I use it for other things
04-17-2023 08:32 AM
I just discovered after updating and some ssh session output logging, that this may be due to a space in the device name
PHP Warning: file(/PALogs/Primary Firewall_traffic_2023_04_14_last_calendar_day.csv)
and the 27kb file is called Primary, and is not in csv format. So I may need to recreate the device definition, because I can't seem to rename the device.
04-17-2023 08:32 AM
I just discovered after updating and some ssh session output logging, that this may be due to a space in the device name
PHP Warning: file(/PALogs/Primary Firewall_traffic_2023_04_14_last_calendar_day.csv)
and the 27kb file is called Primary, and is not in csv format. So I may need to recreate the device definition, because I can't seem to rename the device.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
