All Apps and Add-ons

With Fortinet FortiGate Add-On no output is displayed in the ES 5.3.0 dashboards

hamzeh_khosravi
New Member

Hello Dear Friends
I installed splunk enterprise security 5.3.0 on the searchhead and installed Fortinet FortiGate Add-On for Splunk on the searchhead and indexer, then configure 3 Fortigate 600C to send log on port 1514 to splunk indexer, on indexer configured data input on port 1514 with fgt_log source type.

And now on the following dashboard page in ES 5.3.0 nothing is shown.
Can you help me for troubleshooting it ?

Security Domain->Access->Access Center
Security Domain->Endpoint->Malware Center
Security Domain->Network->Traffic Center
Security Domain->Network->Intrusion Center
Security Domain->Network->Web Center
Security Domain->Network->Network Changes
Security Domain->Network->Port & Protocol Tracker
Security Domain->Identity->Session Center

TA page: https://splunkbase.splunk.com/app/2846/

0 Karma
1 Solution

jerryzhao
Contributor

replied to you in support email thread.
But anyway, also paste the questions here:
I have enterprise security 5.3.1 installed and could not find the issue you reported.

Which add-on version did you install?

Is CIM related datamodels accelerating? For example, traffic center is most likely to have data.
alt text

View solution in original post

0 Karma

hamzeh_khosravi
New Member

Thank you so much dear jerryzhao
I had forgotten to accelerating data models.
My problem was solved after I accelerated the network data model.

0 Karma

jerryzhao
Contributor

replied to you in support email thread.
But anyway, also paste the questions here:
I have enterprise security 5.3.1 installed and could not find the issue you reported.

Which add-on version did you install?

Is CIM related datamodels accelerating? For example, traffic center is most likely to have data.
alt text

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...