All Apps and Add-ons

Decode msgpack input, or convert to json.

Rialf1959
Explorer

Hello,
is possible to decode msgpack (TCP input) ?

Data are incoming in readable format (not in HEX), for example:

\x92\xD9@splunkprefiltered.docker.app.1.k8gfal13jx42stjeeok41nq8d.perf03\xDB\x00\x00M\xE2\x92\xCEZ.\x95\x00\x88\xA3log\xDA"\x842017-12-11 15:23:12,035 ERROR  [org.jboss.as.ejb3] (EJB default - 3) WFLYEJB0022:
...

Covert to json would be enough for me.
Thanks

Tags (1)
0 Karma

Damien_Dallimor
Ultra Champion

Yes it is possible. You just write a custom data handler and declare it to be applied to your TCP Input.

There are simple examples that ship with the app that you can leverage to get started.

There are many msgpack libraries on Github you could also use for the decoding logic.

0 Karma

Rialf1959
Explorer

Thanks. But I am not a programmer.. So bad luck...

0 Karma

Damien_Dallimor
Ultra Champion

Fortunately we provide commercial support for all our free offerings such as Protocol Data Inputs , so it's rather good luck 🙂 Please get in touch with us , we'd be happy to perform the custom development work for you , www.baboonbones.com

0 Karma

Rialf1959
Explorer

And Im guessing that this addon does works only on Heavy Forwarder, right? I have universal forwarder.

0 Karma

Damien_Dallimor
Ultra Champion

Universal and Heavy Forwarder.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...