All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

I'd like to search on the decode output from the base64 command; could someone point me in that direction

rgaleone1
Path Finder
‎03-13-2015 08:48 AM

I am decoding fields and appending or replacing them in events. I would like to search on the newly appended or replaced values, but I am having difficulty forming the search. Has anyone gotten this to work? An example would be excellent.

Tags (3)
0 Karma
Reply

cleroux_splunk
Splunk Employee
Splunk Employee
‎03-16-2015 12:02 AM

That should help:

source="/tmp/tmp.log" | base64 field="secret" action="decode" | search secret="*127.0.0.1*"

Reply
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...