Hi all,
I’m making some tests with Splunk indexing data from Fortigate. We receive all the info ok, and we have all the panels with data about traffic and VPN. We'll add more data types in the future.
But we don’t understand those dashboards and panels well. Do you have more info about this App? And info about sourcetypes, fields, panels…
Thanks a lot in advance!
Javier.
In our app, we categorize different logs such as traffic, system event, and UTM into different sourcetypes, which is done in the add-on.
Then the app defines a datamodel to simplify and accelerate the search from different dashboards.
In the app there are dashboard definitions in the ui folder.
You can read some Splunk documentation and use our app as an example. However, for the most up-to-date guidelines, I advise you to refer to the Splunk documentation.
http://dev.splunk.com/view/get-started/SP-CAAAESC
Thanks a lot for your answer!
Next week we'll go on testing this integration, and if we have more doubts I'll tell you.
Thanks.
J.