Hi,
It seems that I am having the same trouble as rogerv (by the way: is it solved? how?).
Logging from, i.e., a FortiGate 60C, v4.3, to Splunk (I had to work with props.conf and transforms.conf, as there are multiple devices sending logs to udp/514).
"search sourcetype=fortigate*" shows events, but only sourcetype=fortigate, no sourcetypes like fortigate_traffic or something.
On the FortiGates, "Enable CSV Format" is unchecked...
Any ideas?
Regards,
Maik
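One way the per-type sourcetype split is usually configured, as an added example and not the poster's or any Splunk app's own configuration; it assumes the UDP/514 input already arrives as sourcetype `fortigate` and that both files live on the indexer or heavy forwarder that parses the data (a universal forwarder does not apply transforms):

```ini
# --- props.conf (on the parsing instance) ---
# Assumption: the existing input assigns sourcetype "fortigate" to the raw
# UDP/514 events. Index-time transforms hang off that base sourcetype.
[fortigate]
# Run the transform below at parse time; events that do not match keep
# the base sourcetype, which is what shows up as sourcetype=fortigate.
TRANSFORMS-fortigate_split = fortigate_set_sourcetype

# --- transforms.conf (same instance) ---
# With "Enable CSV Format" unchecked, FortiOS writes key=value pairs, and the
# log category is carried in the "type=" field (e.g. type=traffic, possibly
# quoted as type="traffic"). The capture group becomes part of the new
# sourcetype, so type=traffic yields sourcetype fortigate_traffic.
[fortigate_set_sourcetype]
REGEX = (?:^|\s)type="?(\w+)
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::fortigate_$1
```

Restart splunkd after the edit and confirm with a search such as `sourcetype=fortigate* | stats count by sourcetype`; events indexed before the change keep their old sourcetype, since this rewrite happens only at parse time.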