Solved: Anybody have an idea for base64 decoding of fields...

las · ‎11-03-2016

Hi.

I have upgraded to Splunk 6.5, and have a new source, with some base64 encoded values.
I have tried looking at the varios add-ons, I could find, but none of them seems to support Splunk6.5.

Any ideas are welcome.

Thanks.

rjthibod · ‎11-03-2016

I don't think there is any other option (right now) than building your own command if you can't use an existing add-on/app.

Note, many times an add-on or an app built for 6.2 or 6.3 will actually work on 6.5 - the author hasn't tested or indicated as such on Splunkbase.

Regardless, looking at either of the two old apps/add-ons may be an opportunity for you to learn the ins and outs of building your own SPL commands.

View solution in original post

AVOLLMER · ‎01-28-2018

I built a macro to convert base64 fields and append them to your search results since I wasn't able to install apps with my privileges.
https://answers.splunk.com/answers/35521/base64-decoding-in-search.html

rjthibod · ‎11-03-2016

I don't think there is any other option (right now) than building your own command if you can't use an existing add-on/app.

Note, many times an add-on or an app built for 6.2 or 6.3 will actually work on 6.5 - the author hasn't tested or indicated as such on Splunkbase.

Regardless, looking at either of the two old apps/add-ons may be an opportunity for you to learn the ins and outs of building your own SPL commands.

Anybody have an idea for base64 decoding of fields in Splunk 6.5

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases