Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Decode msgpack input, or convert to json.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Decode msgpack input, or convert to json.
Hello,
is possible to decode msgpack (TCP input) ?
Data are incoming in readable format (not in HEX), for example:
\x92\xD9@splunkprefiltered.docker.app.1.k8gfal13jx42stjeeok41nq8d.perf03\xDB\x00\x00M\xE2\x92\xCEZ.\x95\x00\x88\xA3log\xDA"\x842017-12-11 15:23:12,035 ERROR [org.jboss.as.ejb3] (EJB default - 3) WFLYEJB0022:
...
Covert to json would be enough for me.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes it is possible. You just write a custom data handler and declare it to be applied to your TCP Input.
There are simple examples that ship with the app that you can leverage to get started.
There are many msgpack libraries on Github you could also use for the decoding logic.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks. But I am not a programmer.. So bad luck...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortunately we provide commercial support for all our free offerings such as Protocol Data Inputs , so it's rather good luck 🙂 Please get in touch with us , we'd be happy to perform the custom development work for you , www.baboonbones.com
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And Im guessing that this addon does works only on Heavy Forwarder, right? I have universal forwarder.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Universal and Heavy Forwarder.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
