Hi
Running Fortigate 80c with v4.0 MR3. I've downloaded and installed the Fortigate Splunk app but I'm having trouble getting data into it. I can see data coming into Splunk from the Fortigate via Manager > Apps > Search. I seem to have one source called fortigate with data labelled as
host=machinename, sourcetype=fortigate, source=fortigate etc. This input increases, so information is getting in, but it just doesn't seem to be indexed properly for the Splunk Fortigate app.
The inputs.conf is as follows:
[udp://514]
connection_host=int ip of fortigate
sourcetype=fortigate
no_appending_timestamp=true
I'm fairly new to Splunk, so I've probably got something not configured or misconfigured. Can somebody help?