Powered by

# Update Splunk Index

The index definition is set by a search macro.

Macro Default Description
pan_iot_index index=iot Index definition for Palo Alto Networks IoT asset index.

Update the index definition to the correct index that contains the pan:iot_device sourcetype.

# How to update

  1. (In Splunk Enterprise Security) Navigate to Configure > General > General Settings.
  2. From the "App" dropdown select SA-PaloAltoIoTDevices.
  3. Update the SA-PaloAltoIoTDevices Index definition and click "Save."
  1. Navigate to Settings > Advanced Search > Search Macros.
  2. From the "App" dropdown choose SA-PaloAltoIoTDevices.
  3. Set the "Owner" dropdown to any.
  4. Click the macro named pan_iot_index to update the index definition.