Closed EtemadReza closed 3 months ago
Could you please add more details to the case, for example the log format and the sourcetype you configured?
Thank you for your response.
1) I copied the file to opt/splunk/etc/apps on both the search head and indexer.
2) Changed inputs.conf and indexes.conf:

[udp://5014]
index = firewall_srv
sourcetype = pfsense
connection_host = IP
no_appending_timestamp = true
disabled = 0

[firewall_srv]
coldPath = $SPLUNK_DB/firewall_srv/colddb
homePath = $SPLUNK_DB/firewall_srv/db
thawedPath = $SPLUNK_DB/firewall_srv/thaweddb
data input
search result
Could you please show the log format from pfsense and the version?
Please change it to syslog format and check.
If this doesn't work, I can join a meeting to help troubleshoot the issue.
Thank you, it was my fault. You said to change the log format. Your app and your support are amazing.
You're welcome.
It's not your fault, I'll make sure this point is clear in the readme file.
If anything changes, just contact me.
Hi, I installed it on my search head and indexer but it doesn't work. Can you help me?