Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create your own add-on? | How to parse unusual logs?

splunky_diamond
Path Finder
2 weeks ago

Hello Splunkers!

I am collecting logs from Fudo PAM for which I haven't found any suitable existing add-on on the Splunk Base website. The logs are being collected over syslog, yet the regular "syslog" sourcetype doesn't suit the events coming from my source. I was searching the web for some tutorials on how to create your own add-on in Splunk in order to parse the unusual logs like in my case, but I haven't found any. 

Could someone please help me with that? Does anyone have any tutorial or guide on how to create your own parser, or can maybe explain what is needed for that, in case it's not a difficult task?

If someone decides to provide answer themselves, by explaining how to create your own add-on, I would really appreciate detailed description that will involve such notes as: required skills, difficulty, how long it will take, and whether it's the best practice in such situations or there are more efficient ways.

Again, the main goal for me is to get my logs from Fudo PAM (coming over syslog) parsed properly. 

Thank you for taking your time reading my post and replying to it ❤️

Labels (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
2 weeks ago

Hi @splunky_diamond ,

the best guide in ad-on creation is the Splunk Add-On Builder app (https://splunkbase.splunk.com/app/2962).

It guides you in the creation and in the normalization of your data to have a CIM compliant data flow that you can use also in ES or ITSI.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
2 weeks ago

Hi @splunky_diamond ,

the best guide in ad-on creation is the Splunk Add-On Builder app (https://splunkbase.splunk.com/app/2962).

It guides you in the creation and in the normalization of your data to have a CIM compliant data flow that you can use also in ES or ITSI.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

splunky_diamond
Path Finder
2 weeks ago

Thank you very much @gcusello ! 

You never fail to deliver best solutions for splunk newbies like me 🙂

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
2 weeks ago

Hi @splunky_diamond ,

it's always a pleasure!

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...