Hi @ananthan123 - Please accept the best answer so your question will be marked as resolved. But you can up-vote the other answers as well, that way these users will know you're appreciative of their help 🙂 Thanks and Happy Splunking! ... View more

@griffinpair - Just so you know, there is special markup language on this site so certain symbols will transform your post. If you wrap a word in the asterisk symbol * or _ , without wrapping it in a code sample , it will italicize the word. If you wish to show the * (i.e. you are displaying sample code), simply click on the Code Sample icon to the right of the Blockquote icon in the formatting toolbar. That is how I was able to edit your post so that the * will display. ... View more

@ahansson89 - Downvoting should only be reserved for suggestions/solutions that could be potentially harmful for a Splunk environment or goes completely against known best practices. Simply commenting with more information about what didn't work and what you've tried (or whatever other info may be relevant) would suffice to help you troubleshoot further. ... View more

@hrithiktej - Glad you were able to work with Splunk Support to find the solution to your issue. I've converted your comment to an answer so please click "Accept" below to resolve your question, and so others can easily find this question should they run into the same issue. Thanks! ... View more

@lgrachek - Are you using any of the Fortigate apps or add-ons on Splunkbase? If yes, which one? Just want to make sure your post is tagged appropriately for better visibility. Thanks. ... View more

@vgollapudi - Glad you were able to find the solution to your question. Please don't forget to click "Accept" to resolve your question so that others can easily find it if they run into the same issue. Thanks! ... View more

@aartivig289 - Please "Accept" the answer by vasanthmss to resolve your question. Thanks. ... View more

Hi @micheledagostino - Apologies for the super late response! I'm glad that your question got resolved though. In regards to how you can get your question addressed to the right users/developers: -It's kind of a hit-or-miss. Generally, using the appropriate tags on Answers is helpful. If you are using a Splunkbase app/add-on, make sure you tag your question with that particular app or add-on (don't use nicknames or shortcuts; it has to be the name of the app/add-on that is listed in Splunkbase). You can tell if it's an app/add-on Splunkbase because the tag will be blue in color and have a gear icon in the tag name. That's probably the best way on Answers to get a response from developers or experts of that particular app/add-on as it is encouraged that they follow that tag. Response may time may vary but generally developers are pretty good about responding to things. -Another way to get a question addressed is to (if you're not already a part of it) post it in our public Slack chat. People ask each other for immediate help on there daily. You can share your question/link to your post there to see if anyone can take a stab at it. You first have to request access through http://splk.it/slack. Fill out the form, and once you receive the approval email from our Community Manager (usually the approval process may take a couple days), you can access Slack.com and ask for help in the #general channel OR if it is a specific Splunk product, there is usually a separate channel that you can search for. I hope that helps! ... View more

@kteng2024 - Looks like you have a few possible solutions to your question. If one of them provided a working solution, please don't forget to click "Accept" below the best answer to resolve this post. If you still need help, please leave a comment. Don’t forget to upvote anything that was helpful too. Thanks! ... View more

@WEI_LI_YU - Glad you were able to find the solution to your question. Please don't forget to click "Accept" to resolve your question so others can find it. Thanks! ... View more

@gwobben - If the fix linked by tpavlik provided the solution to your question, please make sure you mark "Accept" under his answer. Thanks! ... View more

Thanks for confirming! I just want to make sure your post is tagged appropriately. ... View more

@Libabbles - When you say MHN, did you mean the Modern Honey Network app found on Splunkbase? ... View more

@dantimola - Did the answer by adayton20 help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks! ... View more

@asotorod - If the answer provided by richgalloway provided a working solution to your question, please don't forget to resolve this post by clicking "Accept". Thanks! ... View more

Hi @wayne.stringfield - Glad you were able to figure out and resolve the issue on your own. Please don't forget to click "Accept" below your answer to resolve your question. Thanks. ... View more

@enrique_rodriguez - Glad to hear that you found the solution to your question. Please click "Accept" below your answer so that others can easily find it if they run into the same issue. Thank you. ... View more

Hi @rakeshroberts, You may want to take a look at this documentation regarding compatibility between forwarders and indexers: http://docs.splunk.com/Documentation/Splunk/6.6.1/Forwarding/Compatibilitybetweenforwardersandindexers It may answer your question. ... View more

Hi @amir_thales - I just converted pyro_wood's comment to an answer so you can "Accept" their answer and close your question. Thank you. ... View more

@johnwilling - Did your answer provide a working solution to your question? If yes and you would like to close out your post, don't forget to click "Accept". But if you'd like to keep it open for possibilities of other answers, you don't have to take action on it yet. Thanks! ... View more

@amilavsky - Thanks for coming back to answer your question, is this the working solution? If yes, please don't forget to click "Accept" to close out your question so others can find it if they're having the same issue. Thanks! ... View more

@dewoodruff - Glad you found the solution to your question. Please don't forget to click "Accept" to close out your question and upvote any answers/comments that were helpful. Thanks! ... View more

@aliakseidzianisau - Downvoting should be reserved for suggestions/solutions that could be potentially harmful for a Splunk environment or goes completely against known best practices. pyro_wood was attempting to answer the question even though the original poster was vague in their explanation. ... View more

@prathapkcsc - Just so you know, there is special markup language on this site so certain symbols will transform your post. If you wrap a word in the asterisk symbol * or _ , without wrapping it in a code sample , it will italicize the word. If you wish to show the * (i.e. you are displaying sample code or search), simply click on the Code Sample icon to the right of the Blockquote icon in the formatting toolbar. That is how I was able to edit your post so that the * will display. ... View more

@nvegesn222 - Can you provide the search that you used? That would be helpful for users attempting to assist you in how you got your initial output and how you want your output to look like. In general, your question has a greater chance of being answered by experts in the Answers community when when you provide as much information and context as possible. Thanks. ... View more