- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Installed App v1.3 on Splunk 6.6.2 do not see any ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Installed App v1.3 on Splunk 6.6.2 do not see any new data inputs
I do not see any new data inputs, I tried refreshing and restarting splunk.
Is there a video showing the install and how to get data to be used by the application?
Will there be something that allows to decode with protobuf?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to write a custom data handler to decode the protobuf binary payload. This is the purpose of custom data handlers.The app ships with several examples in different languages to get you started.There are many libraries available (just google) containing the logic to decode protobuf , so it would likely be very simply to create a custom data handler.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When a python script uses import inside the custom data handler, where does it look to find it?
Is it in here: /opt/splunk/etc/apps/protocol_ta/bin/vertx_modules/io.vertx~lang-jython~2.1.1/ ?
I am getting errors inside splunkd.log when I save the Protocol Data Input, so it looks like it is trying.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Refer this and follow guidelines for Setup, Configuration and Troubleshooting:
https://splunkbase.splunk.com/app/1901/#/details
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Took a look. Attempted again , this time putting Java on first and not installing the app in the gui , but did it by hand with a tar.
Dont know which part helped, but I can see the Protocol Data Inputs in Data inputs now.
I still don't know how to get splunk to run the protobuf with the proto files I have.
Basically I have a linux command that works, and I need splunk to do it so I can index the data.
protoc --decode TelemetryStream firewall.proto -I /usr/include -I .
Is this the Custom data handler section?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
have a look at https://www.splunk.com/blog/2014/11/11/protocol-data-inputs.html if it doesn't help then @Damien Dallimore can help you.
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
