Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

OS Impact of ADDON-21209 - Splunk Add-on for Unix and Linux - 'Description' field is not properly extracted from events for service.sh script in CentOS 7 configurations'

sh1pit76
Explorer
‎12-18-2019 07:44 AM

Our organization would like to deploy the Splunk Add-on for Unix and Linux to gain support for Python 3 on our 7.2.3 Splunk deployment. However, due to our having a large number of CentOS systems in our infrastrucutre, there is some concern over the potential OS impact of ADDON-21209. If anyone can elaborate a bit more on this issue, and help me understand the potential implications of running this Add-On on our network, I would greatly appreciate it.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hkubavat_splunk
Splunk Employee
Splunk Employee
‎12-19-2019 02:40 AM

First of can you please help me to understand first why python 3 support in 7.2.3 Splunk. AFAIK python 3 support is in Quake(8.0.0).
Also, This addon is using shell script of data collection so there is not python code except the setup page. In this particular JIRA when field value contains the space than it gets trimmed.

[NIX] 'Description' field is not properly extracted from events for service.sh script in CentOS 7 configurations

Event indexed into Splunk

Tue Feb 5 14:52:21 IST 2019 type=systemctl UNIT=vmtoolsd.service, LOADED=loaded, ACTIVE=active, SUB=running, DESCRIPTION=Service for virtual machines hosted on VMware

Extracted field from event:

DESCRIPTION= Service

Here DESCRIPTION field got trimmed out and not properly extracted.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

hkubavat_splunk
Splunk Employee
Splunk Employee
‎12-19-2019 02:40 AM

First of can you please help me to understand first why python 3 support in 7.2.3 Splunk. AFAIK python 3 support is in Quake(8.0.0).
Also, This addon is using shell script of data collection so there is not python code except the setup page. In this particular JIRA when field value contains the space than it gets trimmed.

[NIX] 'Description' field is not properly extracted from events for service.sh script in CentOS 7 configurations

Event indexed into Splunk

Tue Feb 5 14:52:21 IST 2019 type=systemctl UNIT=vmtoolsd.service, LOADED=loaded, ACTIVE=active, SUB=running, DESCRIPTION=Service for virtual machines hosted on VMware

Extracted field from event:

DESCRIPTION= Service

Here DESCRIPTION field got trimmed out and not properly extracted.

0 Karma
Reply
Solved! Jump to solution

sh1pit76
Explorer
‎12-19-2019 08:46 AM

My mistake. The Python 3 support mention was related to another add-on that we were looking at. I am mainly looking for validation of my assessment, that this add-on would not present any performance or security risks to targeted CentOS systems. If all we have to worry about are missing, malformed, or trimmed fields, then I would think that the risks to remote CentOS systems are moot.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...