Hi,
How can we filter Fortinet logs from Splunk, like the informational data type? Also, can I filter Forti logs coming from a specific IP like x.x.x.x?
@islam Do you have a sample event showing where to find the informational data type inside _raw, and where the IP address that you want to filter appears, as the host field or in the _raw event? You can send them to nullQueue by using a rex pattern.
I need to filter them while ingesting. I don't need to index specific data types like informational, or data from a specific IP.
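
The nullQueue routing mentioned in the reply, as an added example that is not part of the original thread. It assumes a sourcetype named `fortigate_log` (hypothetical), events that carry a `level="information"` key-value pair in `_raw`, and a `host` field set to the sending device's IP; `192.0.2.10` is a constructed placeholder for the x.x.x.x in the question.

```ini
# ---------------- props.conf ----------------
# Attach both index-time transforms to the Fortinet sourcetype.
# "fortigate_log" is an assumed name; use the sourcetype assigned at input time.
[fortigate_log]
TRANSFORMS-drop_unwanted = fgt_drop_informational, fgt_drop_by_host

# -------------- transforms.conf --------------
# Drop events whose severity is informational.
# Assumes the raw event contains level="information" or level=information.
[fgt_drop_informational]
REGEX = \blevel="?information"?
DEST_KEY = queue
FORMAT = nullQueue

# Drop every event whose host metadata equals one specific IP.
# 192.0.2.10 is a constructed placeholder for the real address.
# If the IP only appears inside _raw, remove SOURCE_KEY and match it in _raw instead.
[fgt_drop_by_host]
SOURCE_KEY = MetaData:Host
REGEX = ^host::192\.0\.2\.10$
DEST_KEY = queue
FORMAT = nullQueue
```

These stanzas take effect only on the instance that parses the data (an indexer or heavy forwarder, not a universal forwarder) and apply to events ingested after a restart. Events sent to nullQueue are discarded before indexing, so confirm the regexes against sample events first, because dropped security logs cannot be recovered later.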