Palo Alto application data missing from Netflow

Question

We have&nbsp;been able to get Netflow data working for a Palo Alto PA-820 firewall, but we are not seeing the application data show up.Does anyone have any suggestions on next steps we could take?Here is what has been done so far:Netflow profile has been configured on the Palo Alto side and assigned to the interface, including selecting the PAN-OS Field Types to get the App-ID and User-ID (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/netflow-monitoring/configure-netflow-exports)	nbar&nbsp;has been enabled on the collector:# enable netflow support for NBAR, IPV6 and Multicast fields	netflow.nbar.enabled=true	# enable netflow support for IPV6 fields	netflow.ipv6.enabled=true	Collector version is 34.003	We’re seeing everything we expect except the app &amp; systems&nbsp;data on the Traffic tab for the device:Any thoughts on what we might be missing?&nbsp;Thank you. :-)

chale_atx · Answer

I just happened across this question. As of this writing, LM doesn't support APP ID from Palo Netflow. Palo doesn't use NBAR2. It uses PAN APP ID, which LM doesn't parse right now. You'll need to talk to your sales rep and get them to post a feature request on your behalf. When we asked about it, the response was that this was a new request for them.&nbsp;

Forum Discussion

Palo Alto application data missing from Netflow

Related Content

GroovyScriptHelper issues - method missing

DataSources missing

system.info missing in the Info on a device

Email notifications missing logos

Flexible Netflow help

Recent Discussions

LM APM - Traces - HTTP Post from Powershell Scripts

dell hosts and idrac combined

Python script to run API call - AddWebsite - Need help with collectors

Can anyone help modify this Datasource to be able to use any port?

Dashboard updates