Hi all,
I have gone through Splunk Answers and tried quite a few options for setting up the Fortinet FortiGate app. Still not successful. Please help me with some more guidance.
1) My requirement is to get those beautiful dashboards already set up by the FortiGate app.
2) Logs from my Forti solutions are going into different sourcetypes and indexes.
3) How do I map them to the FortiGate app? Below are my configs.
Anything I am missing here?
My inputs.conf (etc/apps/Splunk_TA_fortinet_fortigate/local)
sourcetype = XXX
props.conf
[XXX]
TRANSFORMS-force_sourcetype_fgt = fortigate
SHOULD_LINEMERGE = false
...........
transforms.conf
[fortigate]
DEST_KEY = MetaData:Sourcetype
REGEX = fortigate
FORMAT = sourcetype::fortigate
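An added example, not part of the original post or of the Fortinet app: a small Python model of the sourcetype override in the transforms.conf above, showing that only events whose raw text matches REGEX are rewritten to `fortigate`. The sample events and the function names are constructed for illustration.

```python
import re

# Stanza as posted in the question's transforms.conf ([fortigate]).
TRANSFORM = {
    "DEST_KEY": "MetaData:Sourcetype",
    "REGEX": r"fortigate",
    "FORMAT": "sourcetype::fortigate",
}

# Constructed sample events (illustrative only, not from a real device).
SAMPLE_EVENTS = [
    'date=2024-01-01 time=10:00:00 devname="fortigate-edge" type="traffic" action="accept"',
    'date=2024-01-01 time=10:00:01 devname="FW01" type="utm" subtype="virus" action="blocked"',
    'date=2024-01-01 time=10:00:02 devname="FW01" type="event" subtype="vpn" action="tunnel-up"',
]

def apply_transform(raw, sourcetype, transform=TRANSFORM):
    """Return the sourcetype an event ends up with after the override.

    Models two Splunk rules: REGEX is tested against the raw event text
    (SOURCE_KEY defaults to _raw, matching is case-sensitive), and FORMAT
    is written to DEST_KEY only when REGEX matches.
    """
    prefix = "sourcetype::"
    fmt = transform["FORMAT"]
    if transform["DEST_KEY"] != "MetaData:Sourcetype" or not fmt.startswith(prefix):
        return sourcetype  # not a valid sourcetype override
    if re.search(transform["REGEX"], raw) is None:
        return sourcetype  # no match: event keeps its incoming sourcetype
    return fmt[len(prefix):]

def route(events, incoming_sourcetype):
    """Pair each event with the sourcetype it is indexed under."""
    return [(apply_transform(e, incoming_sourcetype), e) for e in events]

def not_rewritten(events, incoming_sourcetype):
    """Events the override misses; a search on sourcetype=fortigate will not return them."""
    return [e for st, e in route(events, incoming_sourcetype) if st == incoming_sourcetype]

if __name__ == "__main__":
    for st, event in route(SAMPLE_EVENTS, "XXX"):
        print(f"{st:10} {event}")
```

Running the same check against a handful of real raw events from the affected input shows quickly whether the posted REGEX ever matches them.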
dyude @venkasplunk ,
You will have to change the predefined macros and eventtypes. Open the search of the panel, search for the macros and eventtypes, and change them to your index and sourcetype!
Hope this helps!
Hi, I am able to view the following dashboards, but not all the dashboards.
Working Dashboards
1. Fortinet Security Overall
2. Traffic Dashboard
3. Event Dashboard
4. VPN Dashboard
Not Working Dashboards
1. Thread Dashboards
2. Authentication Dashboard
If anyone knows the solution, please let me know so I can fix it.
This is awesome, and I am able to find beautiful graphs and dashboards. Thanks a lot.