Installation

Question about Fortinet FortiGate Add-On for Splunk in splunkbase.com platform?

badr_boukari
Explorer

Hello the Team, hope you are Okey!

 

I have a question about Fortinet FortiGate Add-On for Splunk which is available in splunkbase.com platform : https://splunkbase.splunk.com/app/2846/#/details.

I am deploying a distributed Splunk Enterprise infrastructure with a Heavy Forwarder, Indexer and Search Head. I don’t know exactly in which instance I should  install the add-on?

Is it in the search Head? Should I add data input on Heavy Forwarder Instance? I didn’t really find a clear procedure for the installation and the configuration.

 

I have to implement a BOSS Of The SoC environment (so the datasets are already available on GitHub web site)

 

Thanks, In advance.

Waiting for your response,

Labels (4)
0 Karma

Imad
Engager

My setup:

Search Head Cluster with Deployer

Indexer Cluster with Cluster Manager

 

Fortigate Add-on: Installed on Fortigate Search Head Cluster AND Fortigate Indexer Cluster. So the Add-on needs to go on both SH cluster and Indexer cluster.

 

Fortigate App: Installed only on the Search Head Cluster.

 

Hope this helps.

 

0 Karma
Get Updates on the Splunk Community!

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

  Tech Talk Streamlined Observability for Your Cloud Environment Register    Out of the Box to Up And Running ...

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...