Splunk Enterprise Security

Fortinet FortiGate APP: Data from different indexers and sources

venkasplunk
New Member

Hi all,

I have gone through Splunk Answers and tried quite a few options in setting up the Fortinet FortiGate app. Still not successful. Please help me with some more guidance.

1) My requirement is to get those beautiful dashboards already set up by the FortiGate app.
2) Logs from my Forti solutions are going into different sourcetypes and indexes.
3) How do I map them to the FortiGate app? Below are my configs.

Anything I am missing here?

My inputs.conf (etc/apps/Splunk_TA_fortinet_fortigate/local)

sourcetype = XXX

props.conf

[XXX]
TRANSFORMS-force_sourcetype_fgt = fortigate
SHOULD_LINEMERGE = false

...........

transforms.conf

sourcetype

[fortigate]
DEST_KEY = MetaData:Sourcetype
REGEX = fortigate
FORMAT = sourcetype::fortigate

0 Karma
1 Solution

vinod94
Contributor

Dude @venkasplunk,

You will have to change the predefined macros and eventtypes. Open the search of the panel, search the macros and eventtypes, and change them to your index and sourcetype!

Hope this helps!

0 Karma

kagamalai
Explorer

Hi, I am able to view the following dashboards, but not all of them.

Working dashboards

1. Fortinet Security Overall

2. Traffic Dashboard

3. Event Dashboard

4. VPN Dashboard

Not working dashboards

1. Threat Dashboards

2. Authentication Dashboard

If anyone knows the solution, please let me know how to fix it.

0 Karma

venkasplunk
New Member

This is awesome, I am able to find beautiful graphs and dashboards, thanks a lot.

0 Karma