TA_Fortinet add on not extracting fields properly

New Member

I installed the Splunk CIM and TA app with the goal being to upload .log files from FGTA devices. I have several from webfilter, evpn, and traffic. None of the default fgt_* sourcetypes extract fields properly. All I get is time extraction and "Event".

How can I correct this?

0 Karma

Contributor

Hi @spaniard047 ,

Where have you installed the addon? The addon should be on search head, indexer and forwarder.

0 Karma

New Member

Yes I have it installed on my local system.

0 Karma