Hi Guys,
Can I just check whether it is possible for me to directly ingest the Fortigate Fortinet logs into my Splunk environment?
Meaning without using the Forwarder + syslog server method, like the following guide for a standalone environment from Fortinet:
https://www.fortinet.com/content/dam/fortinet/assets/alliances/Fortinet-Splunk-Deployment-Guide.pdf
My current environment setup is as follows:
1 x Search Head/Node Master role server.
2 x Cluster Indexer servers.
If the direct ingest method is possible in my environment, how should I go about configuring it to ensure both my indexers have a replicated copy of the data that was ingested from Fortinet?
Thanks in advance!