Hello the Team, hope you are Okey!
I have a question about Fortinet FortiGate Add-On for Splunk which is available in splunkbase.com platform : https://splunkbase.splunk.com/app/2846/#/details.
I am deploying a distributed Splunk Enterprise infrastructure with a Heavy Forwarder, Indexer and Search Head. I don’t know exactly in which instance I should install the add-on?
Is it in the search Head? Should I add data input on Heavy Forwarder Instance? I didn’t really find a clear procedure for the installation and the configuration.
I have to implement a BOSS Of The SoC environment (so the datasets are already available on GitHub web site)
Thanks, In advance.
Waiting for your response,