All Apps and Add-ons

With Fortinet FortiGate Add-On no output is displayed in the ES 5.3.0 dashboards

hamzeh_khosravi
New Member

Hello Dear Friends
I installed splunk enterprise security 5.3.0 on the searchhead and installed Fortinet FortiGate Add-On for Splunk on the searchhead and indexer, then configure 3 Fortigate 600C to send log on port 1514 to splunk indexer, on indexer configured data input on port 1514 with fgt_log source type.

And now on the following dashboard page in ES 5.3.0 nothing is shown.
Can you help me for troubleshooting it ?

Security Domain->Access->Access Center
Security Domain->Endpoint->Malware Center
Security Domain->Network->Traffic Center
Security Domain->Network->Intrusion Center
Security Domain->Network->Web Center
Security Domain->Network->Network Changes
Security Domain->Network->Port & Protocol Tracker
Security Domain->Identity->Session Center

TA page: https://splunkbase.splunk.com/app/2846/

0 Karma
1 Solution

jerryzhao
Contributor

replied to you in support email thread.
But anyway, also paste the questions here:
I have enterprise security 5.3.1 installed and could not find the issue you reported.

Which add-on version did you install?

Is CIM related datamodels accelerating? For example, traffic center is most likely to have data.
alt text

View solution in original post

0 Karma

hamzeh_khosravi
New Member

Thank you so much dear jerryzhao
I had forgotten to accelerating data models.
My problem was solved after I accelerated the network data model.

0 Karma

jerryzhao
Contributor

replied to you in support email thread.
But anyway, also paste the questions here:
I have enterprise security 5.3.1 installed and could not find the issue you reported.

Which add-on version did you install?

Is CIM related datamodels accelerating? For example, traffic center is most likely to have data.
alt text

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...