jscott4t;
Here's how I got the app to work using a FortiGate 3040B:
On the FG: Aim your syslogs at the Splunk indexer on a high port - I used 5012
On the Indexer: Configure a UDP Data input with:
"Source name override" = fortigate
"Set sourcetype" = manual
"Source type" = fortigate
I performed a splunk stop/clean eventdata/start and started immediately seeing FG traffic, and the app started to be able to see it also. Our FG is just in a test lab so it's not too chatty, but I am at least seeing data.
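The same UDP input written as an inputs.conf stanza on the indexer, added here as an illustration and not taken from the post above. The port follows the post; the `connection_host` and `no_appending_timestamp` settings are assumptions about a typical syslog input and are not something the poster described:

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf (or an app's local/inputs.conf)
# Assumed example stanza, not from the original post.
[udp://5012]
# "Source type" = fortigate
sourcetype = fortigate
# "Source name override" = fortigate
source = fortigate
# Record the sending FortiGate's IP as host rather than a reverse-DNS name
connection_host = ip
# Keep the FortiGate's own timestamp; do not prepend a Splunk receipt time
no_appending_timestamp = true
```

A stanza added by hand needs a `splunk restart` (or an input reload) to take effect; the `clean eventdata` step in the post is not required and deletes everything already indexed, so it is best kept to lab instances. To confirm the input before touching the app, search `sourcetype=fortigate | head 5` and check that the `host` field shows the FortiGate's IP and that the UDP port is listening on the indexer (for example with `ss -lun | grep 5012` on Linux). On the FortiGate side, the matching CLI for a FortiOS version that supports it is `config log syslogd setting` with `set status enable`, `set server <indexer-ip>` and `set port 5012`, followed by `end`; the exact keywords vary by FortiOS release, so treat that as an assumption to verify against the running firmware.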