All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

What Index Is the Watchguard App looking for?

jkwinn
Explorer
‎06-07-2018 04:33 PM

I have installed the Watchguard Firebox app installed as well as the Add-on and I have syslog data coming in from a forwarder with sourcetype=watchguard:firebox:syslog. But the app still isn't poplulating any results. My index is syslog. Should I be using a different index?

Labels (3)
0 Karma
Reply

jkwinn
Explorer
‎04-16-2020 04:24 PM

Here's how I set it up.

  1. On the Watchguard, I set it to send syslog to my splunk indexer.
  2. In Splunk, I setup an index called wg (index screenshot).
  3. In Splunk, I setup a Data Input >> UDP to listen on 22514; Manual source type: watchguard:firebox:syslog. Under More settings I set the hostname and Index to wg and specified the only IP to accept syslog input from (eg. the Watchguard cluster). (Data_Inputs screenshots).

Index Screenshot
alt text
Data_Inputs Screenshot
alt text

Preview file
54 KB
Preview file
83 KB
Reply

ansred
Explorer
‎05-31-2020 01:31 PM

@jkwinn that did the trick and the app is working for me, but I had to set it as Default the index to get it working. Thanks mate!

If you manage to modify the XML app to show more information like map of the world based on the geo information. please share it here to test it if you don't mind.

Cheers

0 Karma
Reply

ansred
Explorer
‎04-16-2020 05:36 PM

That did the trick. It's working now. Thank you!!

0 Karma
Reply

accesshealth
New Member
‎03-01-2019 03:11 AM

I am new to Splunk.
After a few hours research, I change my UDP 514 (Syslog) index from default to madder_index.
Btw, I don't have sourcetype=watchguard:firebox:syslog, so I also change it to sourcetype=syslog.
WatchGuard App is Working for me now, but not WatchGuard add-on.

0 Karma
Reply

ansred
Explorer
‎04-15-2020 11:39 PM

Hi,

Did you use 514 UDP port in order to get it working?

Can you share some screenshots please from our setup in Splunk?

0 Karma
Reply

happyjack
New Member
‎02-13-2019 04:10 PM

I'd like to try this too. Have the data coming in as syslog from the watchguard. Can search/report but no data in Firebox app/add-on. Any tips?

0 Karma
Reply

dcsdne
New Member
‎02-05-2019 01:40 PM

Did you ever find a solution to this?

0 Karma
Reply

happyjack
New Member
‎02-13-2019 04:10 PM

I'd like to try this too. Have the data coming in as syslog from the watchguard. Can search/report but no data in Firebox app/add-on. Any tips?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...