Merge branch 'release/5.0.0'

.gitignore

@@ -1,16 +1,74 @@
 # Borrowed from https://github.com/splunk/splunk-app-splunkgit
+# and combined with https://github.com/github/gitignore/blob/master/Python.gitignore
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+
+# Sphinx documentation
+docs/_build/
+docs/html/
+
+# PyBuilder
+target/
 
 # OSX noise
 .DS_Store
 
-# Compiled python files
-*.pyc
-
 # Eclipse project files
 .project
 .pydevproject
 
-# Local stuff
+# Local Splunk App configuration
 local.meta
 local/*
 !local/inputs.conf.sample

LICENSE

@@ -1,2 +1,13 @@
-This work is licensed under the Creative Commons Attribution 3.0 Unported License.
-To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/.
+Copyright (c) 2015, Palo Alto Networks Inc.
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

README.md

@@ -1,122 +1,33 @@
 
-Splunk for Palo Alto Networks App
+Palo Alto Networks App for Splunk
 =================================
 
-## Description ##
+* **App Homepage:** https://splunkbase.splunk.com/app/491
+* **Author:** Brian Torres-Gil - Palo Alto Networks
+* **App Version:** 5.0.0
+* **Required Add-on (TA) Version:** Splunk_TA_paloalto 3.5.1 or higher  
+Note: The TA is included with this App, and does **not** have to be installed separately.
 
-Field extractions and sample reports,
-and dashboards for the Palo Alto
-Networks Firewall
+### Documentation ###
 
-#### Latest Version ####
+http://pansplunk.readthedocs.org/
 
-* Splunk Version: 6.x
-* App Version: 4.2.2
-* Last Modified: Jul 2015
-* Authors:
-    * Brian Torres-Gil - Palo Alto Networks
-    * Monzy Merza - Splunk, Inc.
 
-#### Version Compatibility ####
+### Release Notes: ###
 
-Splunk 6.x -- Palo Alto Networks App 4.x  
-Splunk 5.x -- Palo Alto Networks App 3.x
+http://pansplunk.readthedocs.org/en/latest/release_notes.html
 
-#### Support ####
 
-Further documentation can be found at:  
-https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks/wiki
+### Support ###
 
-For fastest response to support, setup, help or feedback,
-please click the __Ask a Question__ button at http://apps.splunk.com/app/491
+http://pansplunk.readthedocs.org/en/latest/support.html
 
-For bugs or feature requests, you can also open an issue on github at 
-https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks/issues
+### Install from Git ###
 
-## Quick Start Guide ##
+This app is available on [Splunkbase](http://splunkbase.splunk.com/app/491)
+and [Github](https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks).
+Optionally, you can clone the github repository to install the app.
 
-Install the app:
-
-- Unpack the tar ball into `$SPLUNK_HOME/etc/apps`
-- Restart Splunk
-
-Note: If upgrading from a previous version, please read the __Upgrade Notes__ below.
-
-### Setup Screen and Custom Commands ###
-
-The first time you run the app from the web ui, you will be presented with a setup screen. The credentials are only needed if you wish to use the `pantag`, `panblock`, `panupdate` custom commands. The WildFire API is only needed if you are a WildFire subscriber and want Splunk to index WildFire analysis reports from the cloud when a malware sample is analyzed.  These credentials will be stored in Splunk using encryption the same way other Splunk credentials are stored.
-
-If you do not wish to use these extra features, you can enter garbage values.
-
-### To get the firewall data into Splunk ###
-
-IMPORTANT: When you configure the input port, you must set the sourcetype of the firewall data to pan_log and the index to pan_logs.  This can be done from the Web UI or the CLI.  Then, configure the firewall to set traffic to Splunk.
-
-#### From the Splunk Web UI ####
-
-- Navigate to Manager -> Data Inputs -> UDP -> New
-- Set the UDP port (Palo Alto Networks firewalls default to port 514)
-- Set sourcetype: From list
-- Select source type From list: pan_log
-- Click on More settings
-- Index: pan_logs
-
-For details: http://www.splunk.com/base/Documentation/latest/admin/MonitorNetworkPorts
-
-#### From the CLI via inputs.conf ####
-
-- Edit `$SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/local/inputs.conf` 
-
-Example:  (Palo Alto Networks firewalls default to udp port 514)
-
-    [udp://514]
-    index= pan_logs
-    connection_host = ip
-    sourcetype = pan_log
-    no_appending_timestamp = true
-
-#### Configure the Firewall ####
-
-On the Palo Alto Networks firewall or Panorama management center, create a Log Forwarding object to send desired syslogs to the Splunk Server. Refer to the Palo Alto Networks documentation for details on log forwarding.  https://live.paloaltonetworks.com/community/documentation
-
-Note: It can take up to 5 minutes for new data to show up in the dashboards.  Palo Alto Networks devices have a variety of different logs including traffic, threat, url filtering, malware, etc. This app works with the all the default log types. Customized log types may not work, if they are not defined in the Palo Alto Networks syslog configuration documentation (PANOS-Syslog-Integration-TN-RevM).
-
-### Upgrade Notes ###
-
-Starting in version 4.1 of this app, all of the dashboards use the Splunk 6 Datamodel feature, which allows for pivot of Palo Alto Networks data and better control and acceleration of summary indexes used by the dashboards.  This replaces the TSIDX feature from Splunk 5.
-
-If you are upgrading the app from a pre-4.1 version to 4.1 or higher, then you may delete the TSIDX files that were generated by the previous version of the app.  To delete the TSIDX files, look under $SPLUNK_HOME$/var/lib/splunk/tsidxstats/ and remove any directories that start with `pan_`.  There could be up to 10 directories.
-
-After upgrade to 4.1 or higher, Splunk will backfill the datamodel with historic data up to 1 year old.  It may take some time for historic data to show up in the dashboards, but it will be available in the pivot interface and search immediately.  The time range for historic data to be available in the dashboards can be adjusted in the datamodel accelerations settings.
-
-If you have customized the built-in dashboards of a previous app version, then they will no longer work because the customized dashboards will still use TSIDX.  Remove your custom dashboards from the `local` directory of the app to use the new datamodel-based dashboards.  You can add your customizations to the new dashboards.
-
-## What's new in this version ##
-
-If upgrading from 3.x, please read the __Upgrade Notes__ above.
-
-Version 4.2.2
-
-- Fix drilldowns in Wildfire and Content dashboards
-- Fix panel in Content dashboard to display correct data
-
-Version 4.2.1
-
-- Fix Wildfire Report downloader and Applipedia New App check
-- Fix Wildfire Dashboard Drilldowns
-- Fix Threat Details Dashboard datamodel reference
-- Fix Endpoint Dashboard would not work on Splunk 6.0.x
-- Fix time range inconsistent on Overview Dashboard
-
-Version 4.2
-
-- New Palo Alto Networks [Advanced Endpoint Protection](http://media.paloaltonetworks.com/lp/traps/)
-- Support Palo Alto Networks [PAN-OS 6.1](https://www.paloaltonetworks.com/documentation/61/pan-os/newfeaturesguide.html)
-
-## Installing from Git ##
-
-This app is available on [Splunk Apps](http://apps.splunk.com/app/491) and [Github](https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks).  Optionally, you can clone the github repository to install the app.
 From the directory `$SPLUNK_HOME/etc/apps/`, type the following command:
 
     git clone https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks.git SplunkforPaloAltoNetworks
-