Open
Labels
bug: Something isn't working
Description
Describe the bug
By updating the requirements.txt file, I am able to re-deploy with Web App, and events are flowing from CDL into Sentinel via HTTPS. However, this function is creating distinct _CL files for each filter in CDL. I now have url_CL, userID_CL, and others, instead of flowing to the common event log that the official Palo Alto solution is parsing (and to which the older AMA/syslog solutions were sending events).
Is this Web App compatible with the official PaloAltoCDL solution, or will I need to create my own workbooks, analytics, etc.?
https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PaloAltoCDL