Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Question about Fortinet FortiGate Add-On for Splunk in splunkbase.com platform?

badr_boukari
Explorer
‎08-27-2020 02:52 AM

Hello the Team, hope you are Okey!

 

I have a question about Fortinet FortiGate Add-On for Splunk which is available in splunkbase.com platform : https://splunkbase.splunk.com/app/2846/#/details.

I am deploying a distributed Splunk Enterprise infrastructure with a Heavy Forwarder, Indexer and Search Head. I don’t know exactly in which instance I should  install the add-on?

Is it in the search Head? Should I add data input on Heavy Forwarder Instance? I didn’t really find a clear procedure for the installation and the configuration.

 

I have to implement a BOSS Of The SoC environment (so the datasets are already available on GitHub web site)

 

Thanks, In advance.

Waiting for your response,

Labels (4)
0 Karma
Reply

Imad
Engager
‎01-16-2023 06:18 AM

My setup:

Search Head Cluster with Deployer

Indexer Cluster with Cluster Manager

 

Fortigate Add-on: Installed on Fortigate Search Head Cluster AND Fortigate Indexer Cluster. So the Add-on needs to go on both SH cluster and Indexer cluster.

 

Fortigate App: Installed only on the Search Head Cluster.

 

Hope this helps.

 

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...