TA_Fortinet add on not extracting fields properly

New Member

I installed the Splunk CIM and TA app with the goal being to upload .log files from FGTA devices. I have several from webfilter, evpn, and traffic. None of the default fgt_* sourcetypes extract fields properly. All I get is time extraction and "Event".

How can I correct this?

0 Karma

Contributor

Hi @spaniard047 ,

Where have you installed the addon? The addon should be on the search head, indexer and forwarder.

0 Karma

New Member

Yes, I have it installed on my local system.

0 Karma