All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Fortinet FortiGate App for Splunk: Why am I receiving this Error in 'SearchParser' and that macro cannot be found in every panel on the dashboard?

znin
Engager
‎02-26-2018 09:59 AM

This is in every panel on the dashboard - "Error in 'SearchParser': The search specifies a macro 'fgt_logs' that cannot be found. Reasons include: the macro name is misspelled, you do not have "read" permission for the macro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information. "

In "Advanced search"-"search macro" I have only "_ftnt_dropdown(2)" 

tstats summariesonly=true count FROM datamodel="ftnt_fos" WHERE nodename="$node$" groupby $field$ | rename $field$ as field | eval field_with_count = field . " (" . count . ")"

When I search data in Splunk-search I saw every log from fortigate.

Help me with this problem. What can I do?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jerryzhao
Contributor
‎02-26-2018 10:40 AM

I suspect you didn't install the add-on for fortigate, where the macros are defined.
https://splunkbase.splunk.com/app/2846/

View solution in original post

Reply
Solved! Jump to solution

Vox
New Member
‎12-16-2023 04:38 AM 
Hello
Is it possible for someone to help? 
I entered the log information into program, but the graphs do not show anything.
s1.pngs2.pngs3.png
 
0 Karma
Reply
Solved! Jump to solution

DanielPi
Moderator
Moderator
‎12-16-2023 05:09 AM

Hi @Vox,

 

I’m a Community Moderator in the Splunk Community. 
This question was posted 5 years ago, so it might not get the attention you need for your question to be answered. We recommend that you post a new question so that your issue can get the visibility it deserves. To increase your chances of getting help from the community, follow these guidelines in the Splunk Answers User Manual when creating your post.

 

Thank you! 

0 Karma
Reply
Solved! Jump to solution
Solution

jerryzhao
Contributor
‎02-26-2018 10:40 AM

I suspect you didn't install the add-on for fortigate, where the macros are defined.
https://splunkbase.splunk.com/app/2846/

Reply
Solved! Jump to solution

znin
Engager
‎02-26-2018 11:20 PM

Thank's jerryzhao. This is it. But now I have in dashboard overview - "Device 0", "Session 0" ect. And in dashboard traffic "No result found" on every panels.
When I search data in Splunk-search I saw every log from fortigate.

0 Karma
Reply
Solved! Jump to solution

jerryzhao
Contributor
‎02-27-2018 10:09 AM

what are the sourcetypes shown in your search result? fgt_log? or fgt_event/fgt_traffic, etc? Please take a look at the troubleshooting section in the app's details.

0 Karma
Reply
Solved! Jump to solution

znin
Engager
‎02-27-2018 01:23 PM

It works. Removing/uninstall app and add-on, reinstalling, copying the props.conf file from the default folder to the local folder, and editing this file (fgt_log change) helped.
Thanks again for help in need.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us in this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...