All Apps and Add-ons

I'd like to search on the decode output from the base64 command; could someone point me in that direction

rgaleone1
Path Finder

I am decoding fields and appending or replacing them in events. I would like to search on the newly appended or replaced values, but I am having difficulty forming the search. Has anyone gotten this to work? An example would be excellent.

Tags (3)
0 Karma

cleroux_splunk
Splunk Employee
Splunk Employee

That should help:

source="/tmp/tmp.log" | base64 field="secret" action="decode" | search secret="*127.0.0.1*"

Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...