Troubleshooting Tip: How to troubleshoot FortiGate log parsing issues in Splunk

JKM · ‎05-27-2025

Description

This article describes how to troubleshoot when the Splunk dashboard does not parse the FortiGate logs and not showing the statistics.

Scope

Splunk, FortiGate.

Solution

Ensure that Splunk is receiving the logs. If not, follow the KB Article to troubleshoot:

Troubleshooting Tip: How to troubleshoot connection issues between FortiGate and Splunk

If Splunk is not parsing the logs using the FortiGate App, ensure it uses the latest App. There are two Apps available for Splunk from FortiGate: Fortinet FortiGate App for Splunk and Fortinet FortiGate Add-On for Splunk:

Fortinet FortiGate App for Splunk: This is an older App and supports logs from FortiOS 5.0/5.2/5.4. It can be downloaded from https://splunkbase.splunk.com/app/2800.
Fortinet FortiGate Add-On for Splunk: This is supported beginning from FortiGate Add-on for Splunk 1.5 version with FortiOS 5.6 and later versions. It can be downloaded from https://splunkbase.splunk.com/app/2846.

The Fortinet Technical Support department does not offer technical assistance for the FortiGate App for Splunk. Information from the user community might be available from sources such as Splunk Answers. For more information, review the page https://splunkbase.splunk.com/app/2800.

Screenshot 2025-05-27 085151.jpg

Troubleshooting Tip: How to troubleshoot FortiGate log parsing issues in Splunk

You are leaving our website