All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Stream: Where can I find a complete list of protocols automatically detected in the "app" field of stream:tcp?

kwchang_splunk
Splunk Employee
Splunk Employee
‎11-11-2015 07:42 PM

Hello,

As described in the following stream product document, the 'app' field of stream:tcp has the detected protocol name automatically, like "tor", "bittorent" or "skype".
http://docs.splunk.com/Documentation/StreamApp/6.4.0/DeployStreamApp/Whattypeofdatadoesthisappcollec...

BTW, where can I find the complete list of the protocols which can be detected automatically?

Thank you in advance.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-18-2015 10:48 AM

Hi kwchang,

I created a ticket to properly document the list of classified protocols; meanwhile please find the preliminary list below (please keep in mind that it's preliminary and subject to change, etc.):

8021q
aim
amqp
bgp
bittorrent
cotp
db2
dcerpc
dhcp
diameter
dns
drda
ftp
gmail
google_gen
gre
http
https
http_tunnel
ica
imap
informix
ipx
irc
iscsi
jabber
krb5
ldap
llc
mapi
mcs
mq
msn
msrpc
mount
mysql
netbios
netflow
nfs
pop3
postgres
radius
rdp
rip1
rip2
rpc
rtp
sip
skype
smb
smpp
smtp
sna
snmp
socks4
socks5
ssh
ssl
stun
syslog
tcp
tds
telnet
tftp
tns
tor
udp
wins

View solution in original post

Reply
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-18-2015 10:48 AM

Hi kwchang,

I created a ticket to properly document the list of classified protocols; meanwhile please find the preliminary list below (please keep in mind that it's preliminary and subject to change, etc.):

8021q
aim
amqp
bgp
bittorrent
cotp
db2
dcerpc
dhcp
diameter
dns
drda
ftp
gmail
google_gen
gre
http
https
http_tunnel
ica
imap
informix
ipx
irc
iscsi
jabber
krb5
ldap
llc
mapi
mcs
mq
msn
msrpc
mount
mysql
netbios
netflow
nfs
pop3
postgres
radius
rdp
rip1
rip2
rpc
rtp
sip
skype
smb
smpp
smtp
sna
snmp
socks4
socks5
ssh
ssl
stun
syslog
tcp
tds
telnet
tftp
tns
tor
udp
wins

Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎11-18-2015 05:38 PM

Thank you.

0 Karma
Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎11-18-2015 07:08 PM

It would be good if the document will contain short descriptions about the each of those and also about the related protocol parsers which we can use for parsing it with (if app=jabber, we can use XMPP for parsing the details).

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...