'All Incidents' dashboard counters 'Waiting for data...' in Splunk 8.1.2 #163

Closed
btorresgil opened this issue Feb 10, 2021 · 6 comments · Fixed by #164

@btorresgil
Member

Describe the bug

Counters at the top of the All Incidents page toggle between 0 and 'Waiting for data...' over and over. This is not an issue on Splunk 8.0 and is first seen in Splunk 8.1.2. Unknown at this time if it affects other Splunk 8.1 versions besides 8.1.2.

Expected behavior

The search should complete and return a counter number.

Current behavior

Toggles back and forth between 0 and 'Waiting for data...'

Possible solution

This dashboard will change in coming app versions anyway, so that will resolve the problem. Unknown if this is fixable in currently released app versions as it uses a creative variable system to run the search when the dashboard loads. This technique was used to improve backward compatibility with older Splunk versions, but has now broken in 8.1.2. We might be able to change it to use another method, but unknown at this time.

Steps to reproduce

  1. Run the app in Splunk 8.1.2
  2. Go to the All Incidents dashboard (no data necessary to reproduce)
  3. Observe issue

Screenshots

[Image: 2021-02-10_08-56-17 (1)]

Your Environment

  • Version used: App 6.5.0
  • Environment name and version: Splunk 8.1.2
  • Operating System and version (desktop or mobile): Tested on macOS, likely affects all OSes
@btorresgil btorresgil added the bug label Feb 10, 2021
@btorresgil btorresgil pinned this issue Feb 10, 2021
@btorresgil btorresgil changed the title from "All Incidents counters 'Waiting for data...' in Splunk 8.1.2" to "'All Incidents' dashboard counters 'Waiting for data...' in Splunk 8.1.2" Feb 10, 2021
@Mufassa12

Hi @btorresgil, just wanted to see if there would be any update on this? Regards, Shaun

@JacobPEvans
Contributor

@Mufassa12, I just submitted https://github.com/PaloAltoNetworks/Splunk-Apps/pull/164v in case you need to get this fixed ASAP. It's a fairly trivial update.

btorresgil pushed a commit that referenced this issue Mar 10, 2021
Starting in Splunk 8.1, the tokens used to zero out the counters cause an infinite loop that makes the counters flash. This removes the use of tokens to zero out the counters when no data exists.

Fixes #163

Authored-by: Jacob Evans <jacob.p.evans@gmail.com>
btorresgil pushed a commit that referenced this issue Mar 11, 2021
Starting in Splunk 8.1, the tokens used to zero out the counters cause an infinite loop that makes the counters flash. This removes the use of tokens to zero out the counters when no data exists.

Fixes #163

Authored-by: Jacob Evans <jacob.p.evans@gmail.com>

Backport to v6.5 from 5081e5c
github-actions bot pushed a commit that referenced this issue Mar 12, 2021
### [6.5.1](v6.5.0...v6.5.1) (2021-03-12)

### Bug Fixes

* **addon:** Add fields for GlobalProtect logs
* **addon:** Parse GP and Decryption logs w/ pan:firewall - #168
* **app:** Incident counters flash in Splunk 8.1 - #163
github-actions bot pushed a commit that referenced this issue Mar 14, 2021
### [6.5.1](v6.5.0...v6.5.1) (2021-03-14)

### Bug Fixes

* **addon:** Add fields for GlobalProtect logs
* **addon:** Parse GP and Decryption logs w/ pan:firewall - #168
* **app:** Incident counters flash in Splunk 8.1 - #163
@github-actions

🎉 This issue has been resolved in version 6.5.1 🎉

This release is available on SplunkBase: App - Add-on

Posted by semantic-release bot

@Mufassa12

Legendary, thanks for getting this update in.

@btorresgil btorresgil unpinned this issue Mar 23, 2021
github-actions bot pushed a commit that referenced this issue Apr 1, 2021
## [6.6.0](v6.5.2...v6.6.0) (2021-04-01)

### Features

* **addon:** Cortex Data Lake HEC log support - #162 #176
* **app/addon:** Add IoT Security - #158

### Bug Fixes

* **addon:** Add fields for GlobalProtect logs
* **addon:** Add modinputs as tasks in app.manifest - #153
* **addon:** Fix GlobalProtect logs dvc_name field
* **addon:** Fix nav bar background color
* **addon:** Parse GP and Decryption logs w/ pan:firewall - #168
* **app:** Incident counters flash in Splunk 8.1 - #163
* **app/addon:** correct user-id tag_user / untag_user
@github-actions

github-actions bot commented Apr 1, 2021

🎉 This issue has been resolved in version 6.6.0 🎉

This release is available on SplunkBase: App - Add-on

Posted by semantic-release bot

@github-actions

github-actions bot commented May 8, 2021

🎉 This issue has been resolved in version 6.6.0 🎉

This release is available on SplunkBase: App - Add-on

Posted by semantic-release bot

github-actions bot pushed a commit to btorresgil/SplunkforPaloAltoNetworks that referenced this issue Mar 7, 2022
## [5.0.0-beta.1](v4.2.2...v5.0.0-beta.1) (2022-03-07)

### Features

* **addon:** Add Decryption Log Support for PANOS 10  - PaloAltoNetworks#126
* **addon:** Cortex Data Lake HEC log support - PaloAltoNetworks#162 PaloAltoNetworks#176
* **addon:** PAN Quality Validation and Improvement
* **addon:** Significantly improve and modernize CIM compliance
* **app/addon:** Add Cortex XDR incident support to App and Add-on including new XDR Incidents dashboard - PaloAltoNetworks#166
* **app/addon:** Add IoT Security - PaloAltoNetworks#158
* **app/addon:** Feature/dynamic user groups - PaloAltoNetworks#150
* **app/addon:** Python 3 Support - PaloAltoNetworks#124
* **app/addon:** Support GlobalProtect log type in PANOS 9.1 - PaloAltoNetworks#118
* **app/addon:** Update pandevice to 0.14.0 - PaloAltoNetworks#145

### Bug Fixes

* **addon:** Add fields for GlobalProtect logs
* **addon:** Add fields for GlobalProtect logs
* **addon:** Add GlobalProtect SourceUserName - PaloAltoNetworks#209 PaloAltoNetworks#202
* **addon:** Add modinputs as tasks in app.manifest - PaloAltoNetworks#153
* **addon:** Add virus eventtype to malware CIM - PaloAltoNetworks#114 PaloAltoNetworks#138
* **addon:** Fix appserver/static files
* **addon:** Fix CDL logs contained string 'null' in 'user' field - PaloAltoNetworks#187
* **addon:** Fix error from Minemeld automatic lookup
* **addon:** Fix GlobalProtect logs dvc_name field
* **addon:** Fix GlobalProtect logs dvc_name field
* **addon:** Fix nav bar background color
* **addon:** Fix src_user field contained destination user - PaloAltoNetworks#186
* **addon:** Fix typo in transform.conf ([PaloAltoNetworks#227](https://github.com/btorresgil/SplunkforPaloAltoNetworks/issues/227))
* **addon:** Fix user showing as unknown from GlobalProtect logs.  - PaloAltoNetworks#217
* **addon:** Parse GP and Decryption logs w/ pan:firewall - PaloAltoNetworks#168
* **addon:** Parse GP and Decryption logs w/ pan:firewall - PaloAltoNetworks#168
* **addon:** Remove endpoint tags and eventtypes - PaloAltoNetworks#196
* **addon:** Remove port from `dest_name` field - PaloAltoNetworks#129 PaloAltoNetworks#128
* **addon:** Remove white space from GlobalProtect sourcetype - PaloAltoNetworks#131
* **addon:** Restore "unknown" string for empty 'user' field
* **app:** Fix error after upgrade to 7.0.0: "Unknown search command 'panwildfirereport'" - PaloAltoNetworks#189
* **app:** Fix IoT Security dashboard filter - PaloAltoNetworks#181
* **app:** Fix panContentPack error. Fixes bug [PaloAltoNetworks#222](https://github.com/btorresgil/SplunkforPaloAltoNetworks/issues/222) - PaloAltoNetworks#225
* **app:** Incident counters flash in Splunk 8.1 - PaloAltoNetworks#163
* **app:** Incident counters flash in Splunk 8.1 - PaloAltoNetworks#163
* **app:** Remove endpoint from Data Model Audit dashboard - PaloAltoNetworks#218
* **app/addon:** correct user-id tag_user / untag_user
* **app/addon:** Fix background color of logo - PaloAltoNetworks#141

### Performance Improvements

* **app:** Change simple XML to use JQuery 3.5 - PaloAltoNetworks#207
* **app:** Remove high cardinality fields from datamodel

### ⚠ MAJOR RELEASE CHANGES

This is a major release

Splunk dashboards and searches you have created might be
affected by these changes. Please be prepared to test and
adjust any dashboards not included with the App after upgrade.

* **addon:** pan_traffic_start logs no longer included in CIM
* **addon:** pan_traffic_end logs moved from Network Session to Network Traffic datamodel
* **addon:** pan_threat event type now includes wildfire and data logs
* **addon:** pan_file logs moved from Web to IDS datamodel
* **addon:** pan_virus logs moved from Malware to IDS datamodel
* **addon:** pan_wildfire logs moved from Malware to IDS datamodel
* **addon:** pan_email removed from Email datamodel
* **app:** Removes datamodel for GlobalProtect logs before PAN-OS 9.1
* **app/addon:** Removes Traps 4 support
* **app/addon:** Deprecates Traps 5 and Traps 6 support
* **app:** Removes support for legacy WildFire Report API
* **app/addon:** Requires Splunk 8.0 or higher
* **app/addon:** Replaces Adversary Scoreboard and Incident Feed dashboards with new XDR Incidents dashboard