All Apps and Add-ons

2018: Fortinet Fortigate Add-on for Splunk: When I run a search, I can see events, but why am I unable to see data in any dashboards?

New Member

Hi -
I've installed the Fortinet Fortigate Add-on (splunkbase app id: 2846) Add-on, and it shows a dashboard - however, I'm not able to see any pre-built dashboard.

I do have data coming in, and can search, but was hoping to leverage the prebuilt dashboard from Fortinet add-on.

Is it required I install the older "App" as well? (splunkbase app id 2800)

0 Karma


Usually, an add-on or TA (short for technical add-on) is only responsible for the data input and parsing, e.g. properly indexing and parsing the data, making it CIM compliant etc.
If you want to have any "visual user experience" stuff, like dashboards/searches, you need to install the app, because that's what usually brings all those things.

In some cases the app is "the add-on plus dashboards", but in this case you need to have the app AND the add-on installed, according to the manual of the app.

Therefore, install both on the Splunk instances mentioned in the manual, and make sure to follow both manuals for installation instructions (especially the part that your data has to be indexed with sourcetype=fgt_log. Then everything should work out.

Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...