Testing Fortinet FortiGate App

Javip
Path Finder

Hi all,

I’m running some tests with Splunk indexing data from FortiGate. We receive all the info OK, and we have all the panels with data about traffic and VPN. We'll add more data types in the future.
But we don’t understand those dashboards and panels well. Do you have more info about this app? And info about sourcetypes, fields, panels…

Thanks a lot in advance!
Javier.


jerryzhao
Contributor

In our app, we categorize different logs, such as traffic, system event, and UTM, into different sourcetypes, which is done in the add-on.
Then the app defines a data model to simplify and accelerate the searches from the different dashboards.
In the app, there are dashboard definitions in the ui folder.
You can read some Splunk documentation and use our app as an example. However, for the most up-to-date guidelines, I advise you to refer to the Splunk documentation.
http://dev.splunk.com/view/get-started/SP-CAAAESC


Javip
Path Finder

Thanks a lot for your answer!

Next week we'll go on testing this integration, and if we have more doubts I'll tell you.
Thanks.

J.
