Hi, We’re looking for guidance on the best way to ingest FortiMail Cloud logs into Splunk Cloud. Our current environment includes: Cloud: Splunk Cloud, Fortimail Cloud - Hosted On-premise: SC4S serve, Heavy Forwarder and FortiAnalyzer on-prem   FortiMail Cloud is hosted by Fortinet, so we can’t just point it at our SC4S like we would for an on-prem appliance. We do have the option to send logs to our on-prem FortiAnalyzer, but we’re unsure if it’s better to: Route FortiMail Cloud logs → FortiAnalyzer on-prem → SC4S/HF → Splunk Cloud, Send FortiMail Cloud logs directly to SC4S via an external connection, or Use another recommended method (e.g., Fortinet APIs, log download scheduling, etc.) Has anyone implemented a similar setup for FortiMail Cloud? Any best practices or pitfalls to avoid—especially regarding secure transport, parsing, and CIM compliance? Thanks in advance! ... View more

Hello, We're using Splunk  Enterprise version 9.1.0.2 and trying to configure Splunk to send email alerts but cannot make it work. We've tried both Gmail and O365, here are the errors: 1. Email settings: Mail host: smtp.gmail.com:587, Enable TLS, enter Username and password (we use app password for smtp.gmail.com) --> Error: sendemail:561 - (530, b'5.7.0 Authentication Required. Learn more at\n5.7.0 https://support.google.com/mail/?p=WantAuthError 5-20020a17090a1a4500b00274e610dbdasm2199058pjl.8 - gsmtp', 'sender@gmail.com') while sending mail to: receive@.... 2. Email settings: Mail host: smtp.office365.com:587, Enable TLS, enter Username and password (username and password can login to Outlook successfully) --> Error: sendemail:561 - (530, b'5.7.57 Client not authenticated to send mail. [SGAP274CA0001.SGPP274.PROD.OUTLOOK.COM 2023-09-21T02:01:45.399Z 08DBB9CB1E03821B]', 'sender@senderdomain.com') while sending mail to: receive@....   Please support. Thank you. ... View more

Hello, I'm trying to add new/existing key indicator searches to my dashboard in ES, but the edit toolbar does not have the "Add Key Indicator" button. My custom dashboard: My custom dashboard Default dashboard with Key Indicators: Default dashboard with Key Indicator I also tried to clone the default "Email Activity" dashboard (which has existing key indicators in it), but the clone dashboard cannot be loaded. What should I do? If this is a bug, which log files do I need to check?   Thank you.  ... View more

Hello, I'm trying to add new/existing key indicator searches to my dashboard in ES, but the edit toolbar does not have the "Add Key Indicator" button. My custom dashboard: My custom dashboard Default dashboard with Key Indicators: Default dashboard with Key Indicator I also tried to clone the default "Email Activity" dashboard (which has existing key indicators in it), but the clone dashboard cannot be loaded. What should I do? If this is a bug, which log files do I need to check?   Thank you.  ... View more