All Apps and Add-ons

With Fortinet FortiGate Add-On no output is displayed in the ES 5.3.0 dashboards

hamzeh_khosravi
New Member

Hello Dear Friends
I installed splunk enterprise security 5.3.0 on the searchhead and installed Fortinet FortiGate Add-On for Splunk on the searchhead and indexer, then configure 3 Fortigate 600C to send log on port 1514 to splunk indexer, on indexer configured data input on port 1514 with fgt_log source type.

And now on the following dashboard page in ES 5.3.0 nothing is shown.
Can you help me for troubleshooting it ?

Security Domain->Access->Access Center
Security Domain->Endpoint->Malware Center
Security Domain->Network->Traffic Center
Security Domain->Network->Intrusion Center
Security Domain->Network->Web Center
Security Domain->Network->Network Changes
Security Domain->Network->Port & Protocol Tracker
Security Domain->Identity->Session Center

TA page: https://splunkbase.splunk.com/app/2846/

0 Karma
1 Solution

jerryzhao
Contributor

replied to you in support email thread.
But anyway, also paste the questions here:
I have enterprise security 5.3.1 installed and could not find the issue you reported.

Which add-on version did you install?

Is CIM related datamodels accelerating? For example, traffic center is most likely to have data.
alt text

View solution in original post

0 Karma

hamzeh_khosravi
New Member

Thank you so much dear jerryzhao
I had forgotten to accelerating data models.
My problem was solved after I accelerated the network data model.

0 Karma

jerryzhao
Contributor

replied to you in support email thread.
But anyway, also paste the questions here:
I have enterprise security 5.3.1 installed and could not find the issue you reported.

Which add-on version did you install?

Is CIM related datamodels accelerating? For example, traffic center is most likely to have data.
alt text

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...