Merge branch 'hotfix/v4.0.1'

README.md

@@ -11,7 +11,7 @@ Networks Firewall
 #### Version ####
 
 * Splunk Version: 6.x
-* App Version: 4.0
+* App Version: 4.0.1
 * Last Modified: Oct 2013
 * Authors:
     * Monzy Merza - Splunk, Inc.
@@ -126,7 +126,7 @@ NetFlow graphs and charts are based on NetFlow data produced by Palo Alto Networ
 Steps to configure:
 
 - Install NetFlow Integrator on a separate server or together with Splunk Forwarder
-- Point Palo Alto Networks device NetFlow settings to NetFlow Integrator server, default port 9995 with PAN-OS Field Types enabled (see [Administrator's Guide] (https://live.paloaltonetworks.com/community/documentation/content?filterID=contentstatus[published]~category[administrators-guide]&filterID=contentstatus[published]~objecttype~objecttype[document]&itemView=detail))
+- Point Palo Alto Networks device NetFlow settings to NetFlow Integrator server, default port 9995 with PAN-OS Field Types enabled (see [Administrator's Guide](https://live.paloaltonetworks.com/community/documentation/content?filterID=contentstatus[published]~category[administrators-guide]&filterID=contentstatus[published]~objecttype~objecttype[document]&itemView=detail))
 - Enable NetFlow in the Splunk for Palo Alto Networks app setup page
 - Restart Splunk for the previous change to take effect
 - Add NetFlow Integrator output pointing to Splunk UDP port 10514
@@ -155,6 +155,11 @@ Dashboards are built with SimpleXML, so they can be modified using the Splunk GU
 
 ## What's new in this version ##
 
+Version 4.0.1
+
+- Fix: Config dashboard shows all events
+- Fix: Better handling of navbar changes
+
 Version 4.0
 
 - Splunk 6 support

appserver/controllers/nfi_nav_handler.py

@@ -6,23 +6,18 @@
 APP = 'SplunkforPaloAltoNetworks'
 ENABLED_NAV = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'default', 'data', 'ui', 'nav', 'default.xml.nfi_enabled')
 DISABLED_NAV = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'default', 'data', 'ui', 'nav', 'default.xml.nfi_disabled')
-NAV_DIR = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'local', 'data', 'ui', 'nav')
-NAV = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'local', 'data', 'ui', 'nav', 'default.xml')
+NAV = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'default', 'data', 'ui', 'nav', 'default.xml')
 
 class NAVHANDLER(controllers.BaseController):
     @expose_page(must_login=True, methods=['GET'])
     def enable(self, **kwargs):
-        if not os.path.exists(NAV_DIR):
-            os.makedirs(NAV_DIR)
         try:
             shutil.copy(ENABLED_NAV, NAV)
         except:
             pass
         return 'Enabled!'
     @expose_page(must_login=True, methods=['GET'])
     def disable(self, **kwargs):
-        if not os.path.exists(NAV_DIR):
-            os.makedirs(NAV_DIR)
         try:
             shutil.copy(DISABLED_NAV, NAV)
         except:

default/app.conf

@@ -5,7 +5,7 @@ label = Splunk for Palo Alto Networks
 [launcher]
 author= [email protected]
 description= The Splunk for Palo Alto Networks app is a set of field extractions, reports, lookups and dashboards which provide visibility into the Palo Alto Networks Firewall data. 
-version = 4.0
+version = 4.0.1
 
 [package]
 id= SplunkforPaloAltoNetworks

default/data/ui/views/config_overview.xml

@@ -27,15 +27,15 @@
         FROM pan_config WHERE earliest=$earliest$ latest=$latest$ groupby host
         | eval host_with_count = host . " (" . count . ")"</populatingSearch>
     </input>
-    <input type="dropdown" token="client">
-      <label>Client</label>
+    <input type="dropdown" token="client_type">
+      <label>Client Type</label>
       <default></default>
-      <prefix>client="</prefix>
+      <prefix>client_type="</prefix>
       <suffix>"</suffix>
       <choice value="">ANY</choice>
-      <populatingSearch fieldForValue="client" fieldForLabel="client_with_count">|tstats count(client) as count
-        FROM pan_config WHERE earliest=$earliest$ latest=$latest$ groupby client
-        | eval client_with_count = client . " (" . count . ")"</populatingSearch>
+      <populatingSearch fieldForValue="client_type" fieldForLabel="client_type_with_count">|tstats count(client_type) as count
+        FROM pan_config WHERE earliest=$earliest$ latest=$latest$ groupby client_type
+        | eval client_type_with_count = client_type . " (" . count . ")"</populatingSearch>
     </input>
     <input type="dropdown" token="cmd">
       <label>Command</label>
@@ -71,7 +71,7 @@
   <row>
     <table>
       <title>Latest Events</title>
-      <searchString>| tstats count(admin) FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$ $result$ $cmd$ $vsys$ groupby _time result serial_number host admin client cmd configuration_path | table _time result serial_number host admin client cmd configuration_path result | sort -_time</searchString>
+      <searchString>| tstats count(admin) FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client_type$ $result$ $cmd$ $vsys$ groupby _time result serial_number host admin client_type cmd configuration_path | table _time result serial_number host admin client_type cmd configuration_path result | sort -_time</searchString>
       <earliestTime>$earliest$</earliestTime>
       <latestTime>$latest$</latestTime>
       <option name="charting.axisTitleX.visibility">visible</option>
@@ -118,9 +118,9 @@
             /app/SplunkforPaloAltoNetworks/search?q=`pan_config` admin="$row.admin$"&earliest=$earliest$&latest=$latest$
           ]]>
         </link>
-        <link field="client">
+        <link field="client_type">
           <![CDATA[
-            /app/SplunkforPaloAltoNetworks/search?q=`pan_config` client="$row.client$"&earliest=$earliest$&latest=$latest$
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_config` client_type="$row.client_type$"&earliest=$earliest$&latest=$latest$
 	  ]]>
         </link>
         <link field="configuration_path">
@@ -134,7 +134,7 @@
   <row>
     <chart>
       <title>Config Events</title>
-      <searchString>| tstats count(cmd) AS cr FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$
+      <searchString>| tstats count(cmd) AS cr FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client_type$
                     $result$ $cmd$ $vsys$ groupby _time cmd| timechart values(cr) by cmd</searchString>
       <earliestTime>$earliest$</earliestTime>
       <latestTime>$latest$</latestTime>
@@ -161,7 +161,7 @@
     </chart>
     <chart>
       <title>Configuration Administrators</title>
-      <searchString>| tstats count(admin) AS ca FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$ $result$ $cmd$ $vsys$ groupby _time admin | timechart values(admin) by admin</searchString>
+      <searchString>| tstats count(admin) AS ca FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client_type$ $result$ $cmd$ $vsys$ groupby _time admin | timechart values(admin) by admin</searchString>
       <earliestTime>$earliest$</earliestTime>
       <latestTime>$latest$</latestTime>
       <option name="charting.axisTitleX.visibility">visible</option>
@@ -189,7 +189,7 @@
   <row>
     <chart>
       <title>Clients Used</title>
-      <searchString>| tstats count(client) AS cc FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$ $result$ $cmd$ $vsys$ groupby client</searchString>
+      <searchString>| tstats count(client_type) AS cc FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client_type$ $result$ $cmd$ $vsys$ groupby client_type</searchString>
       <earliestTime>$earliest$</earliestTime>
       <latestTime>$latest$</latestTime>
       <option name="charting.axisTitleX.visibility">visible</option>
@@ -215,7 +215,7 @@
     </chart>
     <chart>
       <title>Results</title>
-      <searchString>| tstats count(result) AS cr FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$ $result$ $cmd$ $vsys$ groupby result</searchString>
+      <searchString>| tstats count(result) AS cr FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client_type$ $result$ $cmd$ $vsys$ groupby result</searchString>
       <earliestTime>$earliest$</earliestTime>
       <latestTime>$latest$</latestTime>
       <option name="charting.axisTitleX.visibility">visible</option>

default/savedsearches.conf

@@ -109,7 +109,7 @@ displayview = flashtimeline
 enableSched = 1
 realtime_schedule = 0
 request.ui_dispatch_view = flashtimeline
-search = `pan_config` | table _time vsys host admin client cmd configuration_path result serial_number log_subtype | fillnull value="" configuration_path | tscollect namespace=pan_config
+search = `pan_config` | table _time vsys host admin client_ip client_type cmd configuration_path result serial_number log_subtype | fillnull value="" configuration_path | tscollect namespace=pan_config
 disabled = 0
 
 [PAN - Traffic - Applications]