Splunk-Apps icon indicating copy to clipboard operation
Splunk-Apps copied to clipboard

Published 20 hours ago verified publisher icon PaloAltoNetworks

SourceType Confusion

Open shepherdjay opened this issue 1 year ago • 0 comments

Documentation link

https://pan.dev/splunk/docs/universal-forwarder/

Describe the problem

In the firewall setup documentation it states to set the input for post 6.1 devices to pan:firewall

However in the splunk syslog-ng / universal-fowarder documentation it doesn't make any distinction and states the source type as pan:log

Suggested fix

Documentation should clarify whether this to should change for post 6.1 or should be set to the same pan:log for either

shepherdjay avatar Jan 26 '24 21:01 shepherdjay