Splunk Enterprise Security

Fortinet FortiGate APP: Data from different indexers and sources

venkasplunk
New Member

Hi all,

I have gone through Splunk Answers and tried quite a few options in setting up the Fortinet FortiGate app. Still not successful. Please help me with some more guidance.

1) My requirement is to get those beautiful dashboards already set up by the FortiGate app.
2) Logs from my Forti solutions are going into different sourcetypes and indexes.
3) How do I map them to the FortiGate app? Below are my configs.

Anything I am missing here?

My inputs.conf (etc/apps/Splunk_TA_fortinet_fortigate/local)

sourcetype = XXX

props.conf

[XXX]
TRANSFORMS-force_sourcetype_fgt = fortigate
SHOULD_LINEMERGE = false

...........

transforms.conf

[fortigate]
DEST_KEY = MetaData:Sourcetype
REGEX = fortigate
FORMAT = sourcetype::fortigate

0 Karma
1 Solution

vinod94
Contributor

Dude @venkasplunk,

You will have to change the predefined macros and eventtypes. Open the search of the panel, search the macros and eventtypes, and change them to your index and sourcetype!

Hope this helps!

0 Karma
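The advice above amounts to re-pointing the app's search scope: every macro (`definition = ...` in macros.conf) and eventtype (`search = ...` in eventtypes.conf) that hard-codes the app's index or sourcetype has to be rewritten to the index and sourcetype your forwarder actually produces. The script below is an added example, not code from this thread, from Splunk or from the Fortinet app: it parses a .conf file, rewrites only the `index=` and `sourcetype=` terms you map, and emits a minimal `local/` override. The macro and eventtype names, the index `fortinet` and the sourcetypes `fgt_*` in the embedded sample are constructed for illustration; read the real stanza names from the app's own `default/macros.conf` and `default/eventtypes.conf`.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of an app's default/macros.conf. Stanza names, index and
# sourcetype values are hypothetical; the real app's default/ files are the
# source of truth for which macros the dashboards call.
SAMPLE_MACROS_CONF = """\
# default/macros.conf (constructed sample)
[fgt_base_search]
definition = index=fortinet sourcetype=fgt_log
iseval = 0

[fgt_traffic_search]
definition = index=fortinet sourcetype=fgt_traffic action=*

[fgt_time_format]
definition = strftime(_time, "%Y-%m-%d")
"""

# Constructed sample of an app's default/eventtypes.conf (hypothetical names).
SAMPLE_EVENTTYPES_CONF = """\
# default/eventtypes.conf (constructed sample)
[fgt_vpn_event]
search = index=fortinet sourcetype=fgt_event subtype=vpn
"""

# Keys that hold SPL: "definition" for macros, "search" for eventtypes.
SCOPE_KEYS = {"definition", "search"}

Stanza = Tuple[str, List[Tuple[str, str]]]


def parse_conf(text: str) -> List[Stanza]:
    """Minimal parser for Splunk's INI-style .conf: [stanza] then key = value.
    Comments (#) and blank lines are skipped; key order inside a stanza is kept."""
    stanzas: List[Stanza] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanzas.append((line[1:-1], []))
        elif "=" in line and stanzas:
            key, value = line.split("=", 1)
            stanzas[-1][1].append((key.strip(), value.strip()))
    return stanzas


# Matches index=<value> / sourcetype=<value>, quoted or bare. Does not cover
# the `index IN (a, b)` form; those stanzas show up in unmapped_terms() unchanged.
_FIELD_RE = re.compile(r'\b(?P<key>index|sourcetype)=(?P<val>"[^"]*"|\S+)')


def remap_scope(value: str, index_map: Dict[str, str], sourcetype_map: Dict[str, str]) -> str:
    """Rewrite index=/sourcetype= terms whose current value is in the maps;
    every other token of the search text is left exactly as it was."""
    def sub(m: "re.Match") -> str:
        key, val = m.group("key"), m.group("val").strip('"')
        table = index_map if key == "index" else sourcetype_map
        if val not in table:
            return m.group(0)
        new = table[val]
        return f'{key}="{new}"' if re.search(r"\s", new) else f"{key}={new}"
    return _FIELD_RE.sub(sub, value)


def build_local_overrides(default_text: str, index_map: Dict[str, str],
                          sourcetype_map: Dict[str, str]) -> str:
    """Emit only the stanzas and keys whose scope changed. Splunk layers local/
    over default/ per key, so untouched keys are inherited and should not be
    copied (copying them would freeze the app's defaults across upgrades)."""
    out: List[str] = []
    for name, pairs in parse_conf(default_text):
        changed = []
        for key, value in pairs:
            if key in SCOPE_KEYS:
                new = remap_scope(value, index_map, sourcetype_map)
                if new != value:
                    changed.append((key, new))
        if changed:
            out.append(f"[{name}]")
            out.extend(f"{k} = {v}" for k, v in changed)
            out.append("")
    return "\n".join(out)


def unmapped_terms(default_text: str, index_map: Dict[str, str],
                   sourcetype_map: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """List (stanza, field, value) for index=/sourcetype= terms no mapping covers,
    so nothing is accidentally left pointing at the app's default scope."""
    leftovers = []
    for name, pairs in parse_conf(default_text):
        for key, value in pairs:
            if key not in SCOPE_KEYS:
                continue
            for m in _FIELD_RE.finditer(value):
                k, v = m.group("key"), m.group("val").strip('"')
                table = index_map if k == "index" else sourcetype_map
                if v not in table:
                    leftovers.append((name, k, v))
    return leftovers


if __name__ == "__main__":
    # Example mapping: app default index "fortinet" -> your index "netsec",
    # app default sourcetypes -> the single sourcetype "XXX" from the question.
    idx = {"fortinet": "netsec"}
    st = {"fgt_log": "XXX", "fgt_traffic": "XXX", "fgt_event": "XXX"}
    print("# local/macros.conf\n" + build_local_overrides(SAMPLE_MACROS_CONF, idx, st))
    print("# local/eventtypes.conf\n" + build_local_overrides(SAMPLE_EVENTTYPES_CONF, idx, st))
    print("unmapped:", unmapped_terms(SAMPLE_MACROS_CONF, idx, {"fgt_log": "XXX"}))
```

Write the generated text to `local/macros.conf` and `local/eventtypes.conf` inside the app directory rather than editing `default/`, then restart or `debug/refresh` so the panels pick up the new definitions; run `unmapped_terms()` first so a macro that still carries the app's original index or sourcetype does not leave a dashboard silently empty.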


kagamalai
Explorer

Hi, I am able to view the following dashboards, but not all the dashboards.

Working dashboards

1. Fortinet Security Overall
2. Traffic Dashboard
3. Event Dashboard
4. VPN Dashboard

Not working dashboards

1. Threat Dashboard
2. Authentication Dashboard

If anyone knows the solution, please let me know how to fix it.

0 Karma

venkasplunk
New Member

This is awesome, and I am able to find beautiful graphs and dashboards. Thanks a lot.

0 Karma