I can't get Splunk for Fortigate to use the index where my Fortigate data are placed.
When I put index=fortigate before every search, the results come up perfectly.
My input looks like this:
[udp://5140]
index = fortigate
sourcetype = fortigate
no_appending_timestamp = true
Just to clarify: my data are in the index fortigate.