Hello,
I'm having some problems while configuring the app.
I've configured it according to the documentation in Splunkbase (both Add-on and App). I'm sending the logs through udp:515 (I have udp:514 as Data Input with syslog sourcetype for other devices), created the relevant Data Input (with default parameters, so no sourcetype nor index). I know data is coming to the Splunk server, as I can see the traffic with a tcpdump, but I can't see any info in the dashboard (or even from the Search & Reporting App, which is odd).
I have installed the other Fortinet App before (I don't have the add-on, just the app) and am receiving the data through udp:513, and I can see some info.
Could somebody advise what could be happening, why am I not seeing any data from udp:515?
Any help will be much appreciated.