Fortinet field extractions

g_paternicola
Path Finder

Hi everyone,

I'm probably getting an issue with the extraction of my Fortinet data. I have installed the following apps:

- Fortinet FortiGate App for Splunk (SplunkAppForFortinet) 1.5.1
- Fortinet FortiGate Add-on for Splunk (Splunk_TA_fortinet_fortigate) 1.6.2

Does anyone know the difference between the fields action and ftnt_action? Because I'm getting different results there.

In the field action I have, for example, "blocked", but in ftnt_action I have "detected" and also "dropped". This is a bit confusing while I'm trying to get only blocked attacks.

Could someone please help me?
