Hello,
There is an error in the props.conf of the add-on regarding the sourcetype [fgt_event]:
FIELDALIAS-fgt_config_object_category = "object"
The alias is incomplete and will be reported as a configuration error in Splunk:
WARN FieldAliaser - Invalid field alias specification in stanza 'fgt_event': FIELDALIAS-fgt_config_object_category='"object"'
Can that be corrected?
Thank you!
Fortinet FortiGate Add-On for Splunk: Error in props.conf for invalid alias. Can that be corrected?
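A check for the malformed alias reported above, as an added example that is not part of the original post or of the add-on: it scans props.conf text for FIELDALIAS settings that do not follow the documented `<source> AS|ASNEW <target>` form. The stanza `example_sourcetype` and the field names in the well-formed lines are constructed for contrast; backslash line continuations are not handled, and only the uppercase keywords as written in the Splunk documentation are accepted.

```python
import re

# One alias pair: <source> AS|ASNEW <target>; field names may be double-quoted.
_FIELD = r'(?:"[^"]+"|[^\s"=]+)'
_PAIR = re.compile(rf'{_FIELD}\s+(?:AS|ASNEW)\s+{_FIELD}')
_STANZA = re.compile(r'^\[(?P<name>[^\]]*)\]\s*$')
_SETTING = re.compile(r'^(?P<key>FIELDALIAS-[^=\s]*)\s*=\s*(?P<value>.*)$')

# Constructed sample: line 2 is the setting quoted in the post, the rest is made up.
SAMPLE = '''\
[fgt_event]
FIELDALIAS-fgt_config_object_category = "object"
# constructed well-formed alias for contrast (not from the add-on)
FIELDALIAS-example_src = srcip AS src

[example_sourcetype]
FIELDALIAS-example_multi = "dst ip" AS dest dstport ASNEW dest_port
'''


def is_valid_alias(value):
    """True if value is one or more whitespace-separated alias pairs and nothing else."""
    value = value.strip()
    if not value:
        return False
    pos = 0
    while pos < len(value):
        m = _PAIR.match(value, pos)
        if not m:
            return False
        pos = m.end()
        while pos < len(value) and value[pos].isspace():
            pos += 1  # skip the gap before the next pair
    return True


def lint_props(text):
    """Return (line_no, stanza, key, value) for each malformed FIELDALIAS setting."""
    findings, stanza = [], "default"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _STANZA.match(line)
        if m:
            stanza = m.group("name")
            continue
        m = _SETTING.match(line)
        if m and not is_valid_alias(m.group("value")):
            findings.append((no, stanza, m.group("key"), m.group("value")))
    return findings
```

Running `lint_props` over an add-on's props.conf before deployment surfaces the same settings that splunkd would otherwise flag with the FieldAliaser warning at load time.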