All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I use the Splunk App for Stream to monitor or batch read a specified directory to read many PCAP files?

melonman
Motivator
‎11-23-2015 06:26 PM

Hi

I have many PCAP files that have been collected in multiple locations, and stored them under /data/pcap directory of my Splunk instance.
I want to batch read or monitor the specified directory to read all the PCAP files under the directory.

Can I do this using Stream App or any other method?

Thanks,

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-30-2015 10:30 AM

Stream TA (streamfwd binary) can process pcap files using CLI - see http://docs.splunk.com/Documentation/StreamApp/6.3.2/DeployStreamApp/streamfwdcommandlineoptions . You can wrap this command line into a shell script that that iterates over all *.pcap files in a directory for batch processing.

View solution in original post

Reply
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-30-2015 10:30 AM

Stream TA (streamfwd binary) can process pcap files using CLI - see http://docs.splunk.com/Documentation/StreamApp/6.3.2/DeployStreamApp/streamfwdcommandlineoptions . You can wrap this command line into a shell script that that iterates over all *.pcap files in a directory for batch processing.

Reply
Solved! Jump to solution

melonman
Motivator
‎11-25-2015 09:07 PM

FYI, I ended up with converting PCAP dump file into XML, and put the XML into batch (sinkhole) directory...

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...