Hi,
We had this app deployed in our Splunk Cloud instance running 6.4, and it worked fine. We have now upgraded to 6.5, and when we run the following search:
index=* | eval base64_decode = "dzAwdCwgdGhpcyBpcyBkZWNvZGVkIHN1Y2Nlc3NmdWxseSAhIQ==" | base64 field=base64_decode action=decode | table base64_decode
We get errors like this:
Search Factory: Unknown search command 'base64'.
However, if I change the search to this:
index=* | stats count | eval base64_decode = "dzAwdCwgdGhpcyBpcyBkZWNvZGVkIHN1Y2Nlc3NmdWxseSAhIQ==" | base64 field=base64_decode action=decode | table base64_decode
It works. This is not a fix, of course, but it does seem to imply that the function is present and works under some conditions. Is anyone able to explain this so that we can get it working for the first example, as this is how we need it to work?
Thanks,