Hey guys,
I have an input for Palo Alto that was created using the Palo Alto content pack available in the marketplace, which includes all the streams, dashboards, and extractors. This was working fine, but it seems that after I updated to 2.2 last week the extractor fields for this input are not creating the fields. If I test the extractors manually they work in the test, but they just don’t work. I have tried deleting the input and recreating it manually, manually creating extractors, using different types of extractors, different types of inputs (gelf, udp, raw, etc), and nothing is working. The only other thing that has changed is implementing the threat intel plugin from the marketplace and creating the pipeline rules for that. I hope this is something that is really obvious that I’m missing.
Thanks