All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Hurricane Labs Add-On for Unified2 compatibility?

mnmblair
Explorer
‎08-05-2019 04:28 PM

Is this app compatible with the latest version of Splunk and Splunk UF? Is this intended to replace the need for barnyard2?

Reply
1 Solution
Solved! Jump to solution
Solution

mcmaster
Communicator
‎08-06-2019 06:59 AM

Hey there -

We're not officially supporting the Unified2 TA, as we've moved on from it and use Suricata now. That said, it should still work in the latest UF, as it relies on the system Python rather than Splunk's built-in Python. It was indeed intended to replace barnyard2.

If you try it with the newest UF and it doesn't work, we can provide some best effort help if you need it.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

mnmblair
Explorer
‎02-05-2020 06:00 AM

Hi mcmaster,
Does this parse Unified2 event_types, i.e. mpls_ID, vlan_ID, app_ID? Will it work with Python3?

0 Karma
Reply
Solved! Jump to solution
Solution

mcmaster
Communicator
‎08-06-2019 06:59 AM

Hey there -

We're not officially supporting the Unified2 TA, as we've moved on from it and use Suricata now. That said, it should still work in the latest UF, as it relies on the system Python rather than Splunk's built-in Python. It was indeed intended to replace barnyard2.

If you try it with the newest UF and it doesn't work, we can provide some best effort help if you need it.

0 Karma
Reply
Solved! Jump to solution

mnmblair
Explorer
‎02-05-2020 05:48 AM

Hi mcmaster,
Will this work with Python3? Does it parse unified2 event_types, i.e. mpls, vlan, appid?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...