I installed the Splunk CIM and TA app with the goal being to upload .log files from FGTA devices. I have several from webfilter, evpn, and traffic. None of the default fgt_* sourcetypes extract fields properly. All I get is time extraction and "Event".
How can I correct this?
Hi @spaniard047 ,
Where have you installed the addon? The addon should be on search head, indexer and forwarder.
Yes I have it installed on my local system.