Hello
I'm new to Splunk community and I'd like to start using Splunk as a syslog server for all traffic generated from our firewall.
We'd like to send all the logs from the firewall to the Splunk machine, using the FortiGate add-on.
Our firewall is sending the traffic log as source/destination IP address format, and we'd like to present it in the Splunk dashboard as hostnames. Like every IP subnet presented as a name. for example:
-- all source IPs from subnet 192.168.1.0/24 presented in Splunk dashboard as : company1_123_PO1_region1
-- all source IPs from subnet 192.168..2.0/24 presented in Splunk dashboard as : company2_321_PO2_region2
We already have a csv file which has all this information.
How can we accomplish this task?
Thanks