Re: Decode msgpack input, or convert to json.

Rialf1959 · ‎12-11-2017

Hello,
is possible to decode msgpack (TCP input) ?

Data are incoming in readable format (not in HEX), for example:

\x92\xD9@splunkprefiltered.docker.app.1.k8gfal13jx42stjeeok41nq8d.perf03\xDB\x00\x00M\xE2\x92\xCEZ.\x95\x00\x88\xA3log\xDA"\x842017-12-11 15:23:12,035 ERROR  [org.jboss.as.ejb3] (EJB default - 3) WFLYEJB0022:
...

Covert to json would be enough for me.
Thanks

Damien_Dallimor · ‎12-11-2017

Yes it is possible. You just write a custom data handler and declare it to be applied to your TCP Input.

There are simple examples that ship with the app that you can leverage to get started.

There are many msgpack libraries on Github you could also use for the decoding logic.

Rialf1959 · ‎12-12-2017

Thanks. But I am not a programmer.. So bad luck...

Damien_Dallimor · ‎12-12-2017

Fortunately we provide commercial support for all our free offerings such as Protocol Data Inputs , so it's rather good luck 🙂 Please get in touch with us , we'd be happy to perform the custom development work for you , www.baboonbones.com

Rialf1959 · ‎12-12-2017

And Im guessing that this addon does works only on Heavy Forwarder, right? I have universal forwarder.

Damien_Dallimor · ‎12-12-2017

Universal and Heavy Forwarder.

Decode msgpack input, or convert to json.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation