application

elmoujil
New Member

Hello everyone,
I am trying to program an application for Splunk and I have a little problem. The problem is that I cannot retrieve the logs sent by the firewall because I do not know which file they are in.
Thank you.

0 Karma

Ayn
Legend

The logs are saved in Splunk's index, or "database" if you will. File system-wise, an index is distributed across a number of files, by default in $SPLUNK_HOME/var/lib. These files are in a proprietary format that cannot (easily) be used for reading directly.

More information on Splunk indexes: http://docs.splunk.com/Documentation/Splunk/latest/admin/WhatsaSplunkindex

If you already set up so that Splunk is getting the logs from the Fortigate firewall, you likely should know either source, sourcetype or host. If not, that's the place to start. Give us more details about that part of the Splunk setup, and we'll see if we can help you.

0 Karma
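To find out which index, sourcetype, source and host the firewall events actually landed under, as the answer above suggests, here is an added SPL search (not part of the original thread); the host name in the second search is a placeholder you replace with your own FortiGate's hostname or IP.

```spl
| tstats count WHERE index=* earliest=-24h BY index, sourcetype, source, host
| sort - count

host="FORTIGATE_HOSTNAME_OR_IP" earliest=-1h
| head 5
```

The first search lists every combination of index/sourcetype/source/host that received events in the last 24 hours, so the firewall's row tells you where its data is stored; the second search then shows a few raw events for that host so you can check they are the FortiGate logs before building searches or an app on top of them.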

elmoujil
New Member

The logs are already sent (FortiGate work completed). What I want to know is:
where does the Splunk server store the logs it receives?

0 Karma

Drainy
Champion

Not forgetting it's also a question for whoever configured it to log in the first place (assuming it is...)

0 Karma

Ayn
Legend

I would say that's a Fortigate question rather than a Splunk question.

0 Karma

elmoujil
New Member

Hello, I want to retrieve the logs from a FortiGate firewall, and afterwards I will write an application for Splunk to manage these logs, an application like "Splunk App for Windows".
But the problem is that I don't know where the logs are stored (in which file). Thank you for your help.

0 Karma

Ayn
Legend

You need to provide much, much more detail. For starters, you haven't entered a question. Also, what firewall? What is the application you're writing supposed to do? What is the problem you need help with?

0 Karma