I have installed the Watchguard Firebox app as well as the Add-on, and I have syslog data coming in from a forwarder with sourcetype=watchguard:firebox:syslog. But the app still isn't populating any results. My index is syslog. Should I be using a different index?
Here's how I set it up.
Index Screenshot
Data_Inputs Screenshot
@jkwinn that did the trick and the app is working for me, but I had to set the index as Default to get it working. Thanks mate!
If you manage to modify the XML app to show more information, like a map of the world based on the geo information, please share it here to test it if you don't mind.
Cheers
That did the trick. It's working now. Thank you!!
I am new to Splunk.
After a few hours of research, I changed my UDP 514 (Syslog) index from default to madder_index.
Btw, I don't have sourcetype=watchguard:firebox:syslog, so I also changed it to sourcetype=syslog.
The WatchGuard App is working for me now, but not the WatchGuard add-on.
Hi,
Did you use UDP port 514 in order to get it working?
Can you share some screenshots from your setup in Splunk, please?
I'd like to try this too. Have the data coming in as syslog from the watchguard. Can search/report but no data in Firebox app/add-on. Any tips?
Did you ever find a solution to this?