Pack is missing a route for pan_correlation logs
kmocribl opened this issue · 0 comments
kmocribl commented
In analyzing the Splunk TA to see what would (if anything) be affected by the pack, I noticed there wasn't a route for pan_correlation logs. The TA references the following transforms.conf stanzas in props.conf for routing to the appropriate sourcetype:
TRANSFORMS-sourcetype = pan_threat, pan_traffic, pan_system, pan_config, pan_hipmatch, pan_correlation, pan_userid, pan_globalprotect, pan_decryption