Fortinet field extractions

Hi everyone,

I'm probably having an issue with the extraction of my Fortinet data. I have installed the following apps:

- Fortinet FortiGate App for Splunk (SplunkAppForFortinet)
- Fortinet FortiGate Add-on for Splunk (Splunk_TA_fortinet_fortigate 1.6.2)

Does anyone know the difference between the fields action and ftnt_action? Because I'm getting different results there.

In the field action I have, for example, "blocked", but in ftnt_action I have "detected" and also "dropped". This is a bit confusing while I'm trying to get only blocked attacks.

Could someone please help me?

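The script below is an added example, not code from the original post or from the Fortinet add-on. It shows the kind of split the question is asking about: the vendor's own action value from the raw FortiGate key=value log is preserved under one field (ftnt_action here), and a separate, normalized action field is derived from it, so filtering on one field does not return the same events as filtering on the other. The sample log lines are constructed, and the NORMALIZED_ACTION mapping is an assumption for illustration only; the add-on's props.conf, transforms.conf and lookups define the real mapping, and that is where to check which raw values end up as "blocked".

```python
"""Added example (not from the original post or the Fortinet add-on): parse
FortiGate-style key=value syslog, preserve the vendor's own action value as
ftnt_action, and derive a separate normalized action field.

NORMALIZED_ACTION is an ASSUMPTION for illustration; the real add-on's
props.conf / transforms.conf and lookups define the actual mapping.
"""
import re
from typing import Dict, List

# Constructed sample events in FortiGate key=value style (not real device output).
SAMPLE_LOGS = [
    'date=2021-11-02 time=10:00:01 devname="fgt1" type="utm" subtype="ips" severity="high" '
    'srcip=10.1.1.5 dstip=203.0.113.9 action="dropped" attack="Sample.Attack.A"',
    'date=2021-11-02 time=10:00:02 devname="fgt1" type="utm" subtype="ips" severity="medium" '
    'srcip=10.1.1.6 dstip=203.0.113.9 action="detected" attack="Sample.Attack.B"',
    'date=2021-11-02 time=10:00:03 devname="fgt1" type="utm" subtype="webfilter" '
    'srcip=10.1.1.7 dstip=203.0.113.10 action="blocked" hostname="example.test"',
    'date=2021-11-02 time=10:00:04 devname="fgt1" type="traffic" subtype="forward" '
    'srcip=10.1.1.8 dstip=203.0.113.11 action="accept" policyid=7',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# ASSUMED normalization of vendor values to allowed/blocked (illustrative only).
NORMALIZED_ACTION = {
    "accept": "allowed",
    "pass": "allowed",
    "detected": "allowed",   # IPS matched a signature but did not stop the session
    "deny": "blocked",
    "dropped": "blocked",
    "blocked": "blocked",
    "reset": "blocked",
}


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Extract every key=value pair from one FortiGate syslog line."""
    fields: Dict[str, str] = {}
    for key, quoted, bare in KV_RE.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def normalize_event(raw: Dict[str, str]) -> Dict[str, str]:
    """Keep the raw vendor value under ftnt_action and add a normalized action.

    Raw values not in the assumed table become "unknown" rather than being guessed.
    """
    event = dict(raw)
    vendor_action = raw.get("action", "")
    event["ftnt_action"] = vendor_action
    event["action"] = NORMALIZED_ACTION.get(vendor_action.lower(), "unknown")
    return event


def load_events(lines: List[str]) -> List[Dict[str, str]]:
    """Parse and normalize a list of raw log lines."""
    return [normalize_event(parse_fortigate_line(line)) for line in lines]


def select(events: List[Dict[str, str]], field: str, value: str) -> List[str]:
    """Source IPs of events where <field> equals <value>.

    Mirrors a search such as  <field>="<value>" | table srcip  (illustrative).
    """
    return [e["srcip"] for e in events if e.get(field) == value]


if __name__ == "__main__":
    events = load_events(SAMPLE_LOGS)
    for e in events:
        print(f'{e["subtype"]:<10} ftnt_action={e["ftnt_action"]:<9} action={e["action"]}')
    print("action=blocked      ->", select(events, "action", "blocked"))
    print("ftnt_action=blocked ->", select(events, "ftnt_action", "blocked"))
```

Run stand-alone, the script shows two events with the normalized action "blocked" (the IPS "dropped" event and the webfilter "blocked" event) but only one event whose raw vendor value is literally "blocked". If the goal is "only what FortiGate itself reported as blocked", filter on the vendor-native field; if the goal is "everything the add-on treats as blocked", filter on the normalized field, after confirming the real mapping in the add-on's configuration.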