All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

With Fortinet FortiGate Add-On no output is displayed in the ES 5.3.0 dashboards

hamzeh_khosravi
New Member
‎09-01-2019 05:17 AM

Hello Dear Friends
I installed splunk enterprise security 5.3.0 on the searchhead and installed Fortinet FortiGate Add-On for Splunk on the searchhead and indexer, then configure 3 Fortigate 600C to send log on port 1514 to splunk indexer, on indexer configured data input on port 1514 with fgt_log source type.

And now on the following dashboard page in ES 5.3.0 nothing is shown.
Can you help me for troubleshooting it ?

Security Domain->Access->Access Center
Security Domain->Endpoint->Malware Center
Security Domain->Network->Traffic Center
Security Domain->Network->Intrusion Center
Security Domain->Network->Web Center
Security Domain->Network->Network Changes
Security Domain->Network->Port & Protocol Tracker
Security Domain->Identity->Session Center

TA page: https://splunkbase.splunk.com/app/2846/

Preview file
46 KB
Preview file
54 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jerryzhao
Contributor
‎09-03-2019 11:07 AM

replied to you in support email thread.
But anyway, also paste the questions here:
I have enterprise security 5.3.1 installed and could not find the issue you reported.

Which add-on version did you install?

Is CIM related datamodels accelerating? For example, traffic center is most likely to have data.
alt text

View solution in original post

Preview file
62 KB
0 Karma
Reply
Solved! Jump to solution

hamzeh_khosravi
New Member
‎10-01-2019 07:12 AM

Thank you so much dear jerryzhao
I had forgotten to accelerating data models.
My problem was solved after I accelerated the network data model.

0 Karma
Reply
Solved! Jump to solution
Solution

jerryzhao
Contributor
‎09-03-2019 11:07 AM

replied to you in support email thread.
But anyway, also paste the questions here:
I have enterprise security 5.3.1 installed and could not find the issue you reported.

Which add-on version did you install?

Is CIM related datamodels accelerating? For example, traffic center is most likely to have data.
alt text

Preview file
62 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

   このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...