I'm still trying to get my Fortigate logs to parse correctly. I've run into a new problem: double type fields. I use the type field to identify my logs, but the Fortigate logs themselves also have a type field.
Once I try parsing the recorded logs, that leads to errors.
How can I best handle this?
I tried replacing my type "fortigate" with tags/id "fortigate" but when I do that my logs are not recorded anymore.