Copyright © 2019 Fortinet, Inc. All rights reserved.
June 27, 2019 6:04 AM
DEPLOYMENT GUIDE | Fortinet FortiGate and Splunk
170843-A-0-EN
Troubleshooting
What to do if data doesn’t show up in the Dashboards?
1. Go to Settings > Data Inputs. Verify that you have a UDP data input enabled on port 514.
2. Go to Settings > Indexes.
3. Verify that your Index (typically main) is receiving data and that the Latest Event is recent. If not, verify that the FortiGate Syslog settings are
correct and that the FortiGate can reach the Splunk server.
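The check behind steps 1 to 3, as an added example that is not part of Fortinet's guide: a small Python listener that reports whether any syslog datagram reaches the UDP port and whether its FortiGate `date`/`time` fields are recent. It assumes the FortiGate key=value log layout, a constructed sample event, that Splunk is not holding the port while the script runs, and that the device and host clocks share a time zone; the function names are illustrative.

```python
import re
import socket
from datetime import datetime, timedelta

# Constructed sample in FortiGate key=value syslog style (not taken from the guide).
SAMPLE = (b'<189>date=2019-06-27 time=06:04:00 devname="FGT-LAB" '
          b'type="traffic" subtype="forward" action="accept"')

PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse_fortigate(datagram):
    """Drop the syslog <PRI> prefix and return the key=value fields as a dict."""
    text = re.sub(r"^<\d+>", "", datagram.decode("utf-8", "replace"))
    return {key: value.strip('"') for key, value in PAIR.findall(text)}

def event_age(fields, now):
    """Age of the event; assumes the device clock and `now` share a time zone."""
    stamp = datetime.strptime(fields["date"] + " " + fields["time"],
                              "%Y-%m-%d %H:%M:%S")
    return now - stamp

def open_listener(port=514, host="0.0.0.0"):
    """Bind the UDP port; raises OSError if another process already holds it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock

def receive_event(sock, timeout=10.0, max_age=timedelta(minutes=5), now=None):
    """Return (sender_ip, fields, is_recent), or None if nothing arrived in time."""
    sock.settimeout(timeout)
    try:
        data, peer = sock.recvfrom(65535)
    except socket.timeout:
        return None  # nothing reached the port: check FortiGate syslog settings and routing
    fields = parse_fortigate(data)
    if "date" not in fields or "time" not in fields:
        return peer[0], fields, False  # traffic arrived but is not FortiGate-style
    try:
        age = event_age(fields, now or datetime.now())
    except ValueError:
        return peer[0], fields, False  # malformed timestamp
    return peer[0], fields, abs(age) <= max_age

if __name__ == "__main__":
    with open_listener() as listener:
        print(receive_event(listener) or "no syslog datagram received on UDP 514")
```

Binding port 514 normally requires root privileges on Linux. A `None` result points at the FortiGate syslog settings or the network path, while a stale or unparsable event points at the device clock or at what is being sent.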
Summary
The Fortinet FortiGate App for Splunk solution delivers advanced security reporting and analysis in the datacenter that benefits operational
reporting, and provides simplified, configurable dashboard views across physical and virtual Fortinet firewall appliances. The
FortiGate add-on enables Splunk Enterprise and Enterprise Security to ingest or map security and traffic data collected from FortiGate
physical and virtual appliances across domains.
Solution Brief: https://www.fortinet.com/content/dam/fortinet/assets/alliances/SolutionBrief-Fortinet-Splunk.pdf
Fortinet FortiGate App for Splunk: https://splunkbase.splunk.com/app/2800/
Fortinet FortiGate Add-On for Splunk: https://splunkbase.splunk.com/app/2846/