seanthegeek / graylog-fortigate-syslog-pipeline

Converts FortiGate syslog fields to the correct data type and removes unnecessary fields
Apache License 2.0

Unknown fields on the dashboard. #3

Open meruffz opened 3 months ago

meruffz commented 3 months ago

All the dashboards related to any UTM fields, like DNS, Antivirus, IPS, show a query error (Query contains unknown field: subtype / eventtype / action).

seanthegeek commented 3 months ago

Make sure you are logging in syslog format.

config log syslogd setting
    set format default
end

meruffz commented 3 months ago

Hi Sean, thanks for the reply. However, it is still not showing the events on the additional dashboards and I'm still getting the message about unknown fields.

meruffz commented 3 months ago

Just some additional info: the log messages received contain the fields, but inside the dashboard, it doesn't show the eventtype / action / subtype fields.