I have tried all the base64 decoding apps in Splunkbase with no luck. The apps decode the first character and stop at the first null.
I want to add a custom command (.py) or script that will decode the base64-encoded field value and remove the nulls. Preferably, I would like a command I invoke at will with an eval, like
|eval decoded_val = myCommand encoded_val | table decoded_val
Please advise how I would create a custom command like this.
Thank you
I find the documentation to be incredibly helpful.
https://docs.splunk.com/Documentation/Splunk/7.1.2/Search/Customsearchcommandshape
https://docs.splunk.com/Documentation/Splunk/7.1.2/Search/Writeasearchcommand
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2
Take those links and look at my decimaltoip search command in my jkats toolkit app https://splunkbase.splunk.com/app/3265/
Then modify for your use.
Thank you, I think I found some of this info already.
Will follow up with specific questions.
Thanks
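The decode step the question asks for, as an added example that is not from this thread or from the jkats toolkit app. It assumes Python 3 and that the nulls come from UTF-16LE text (every other byte is NUL); the function names are hypothetical, the field names encoded_val and decoded_val are taken from the question, and the wiring into a streaming custom search command described in the linked documentation is not shown.

```python
import base64
import binascii


def decode_b64_field(value):
    """Return the decoded text of a base64 string, or None if it is not valid base64."""
    text = "".join(value.split())           # drop whitespace and line breaks
    text += "=" * (-len(text) % 4)          # restore padding that was stripped
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw[:2] == b"\xff\xfe":              # UTF-16LE byte order mark
        return raw[2:].decode("utf-16-le", errors="replace")
    # Heuristic: even length and almost every second byte NUL means UTF-16LE text.
    if len(raw) >= 2 and len(raw) % 2 == 0:
        high_bytes = raw[1::2]
        if high_bytes.count(0) >= 0.8 * len(high_bytes):
            return raw.decode("utf-16-le", errors="replace")
    # Otherwise treat as single-byte text and remove stray NULs.
    return raw.replace(b"\x00", b"").decode("utf-8", errors="replace")


def decode_events(events, field="encoded_val", out="decoded_val"):
    """Per-event loop, the shape a streaming command's record handler would take."""
    for event in events:
        event = dict(event)                 # do not mutate the caller's record
        if field in event:
            event[out] = decode_b64_field(event[field])
        yield event


# Constructed sample events, not real data.
SAMPLE_EVENTS = [
    {"encoded_val": base64.b64encode("whoami".encode("utf-16-le")).decode()},
    {"encoded_val": base64.b64encode(b"a\x00bc\x00").decode()},
    {"encoded_val": "aGVsbG8"},             # padding removed
    {"encoded_val": "not base64!!"},
    {"other_field": "untouched"},
]

if __name__ == "__main__":
    for result in decode_events(SAMPLE_EVENTS):
        print(result)
```

Decoding the bytes as UTF-16LE instead of deleting every NUL keeps non-ASCII characters intact, and invalid input yields None so a search can filter on it.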