Hello, this is my first experience with Splunk Cloud and I would like to know how to configure the sending of events from my fortinet firewall to my splunk cloud using a Heavy Fowarder. In my firewall I put the IP of my Heavy Fowarder and configured the UDP port 514 to send the events to the Heavy Fowarder. In my heay fowarder in data inputs I configured port 514 with source fgt_log and index=Firewall. The app Context I placed my Cloud instance. Even running all this process I can't see the events from my firewall in the Splunk Cloud. NOTE: The Heavy fowarder is communicating with the Cloud, I validated the communication in Deployment Instances. Port 514 is enabled on the firewall, so I think I'm making a mistake in some configuration. Can you help me please? ... View more

Hello, this is my first experience with SplunkCloud and I would like to ask for some help. I am trying to forward logs from fortinet to my Heavy Forwarder, I have configured UDP port 514 and sourcetype fortigate_log as per the option presented in datainputs. After the settings and index choice, I started searching for the events but without success. Can you help me configure so that the events appear in both Heavy Forwarder and Splunk Cloud? NOTE: My environment has two Heavy Forwarders and no Deployment server, the communication is direct with the Splunk Cloud.   ... View more