
IP Reputation - default inputs.conf

mikelanghorst
Motivator

I'm rather confused by the default inputs.conf entry:

[monitor://$SPLUNK_HOME/etc/apps/honeypot_scoring/bin/score_lookup_log.txt]
disabled = false
followTail = 0
host = score_lookup_file
sourcetype = Honey_Pot_Scorelookup_Log

Is it meant to be referencing a different app? I didn't see anything in Splunkbase that would supply it.


Matthias_BY
Communicator

Hi Mike,

If you review the Python lookup script you can see that there is some code commented out. If you remove the # the lookup script will create this file and log what it receives from your Splunk search and what values are given back.

This is how I track during development how the script is working, how many lookups are performed, etc.

As it can produce a lot of data depending on how many realtime lookups of IPs you are doing, I did not enable it by default to avoid eating up any Splunk license.

I should have removed the input before doing the release.

Thanks for the hit. I'll consider this for a next update.

Also make sure you add IP Reputation as a tag to your question. This is how your question gets noticed by me immediately.

Happy splunking,

Matthias

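An added example (not the honeypot_scoring app's own script) of the pattern Matthias describes: a Splunk external lookup script in the usual CSV-on-stdin/CSV-on-stdout form, with the request/response logging to score_lookup_log.txt controlled by an environment variable instead of commented-out lines, so it stays off by default and the monitored file consumes no license. The field names `ip` and `score` and the reputation table are assumptions.

```python
import csv
import io
import logging
import os
import sys

# Hypothetical field names: the real app's lookup fields are not shown in the thread.
IP_FIELD = "ip"
SCORE_FIELD = "score"

# Constructed sample reputation table standing in for the app's real scoring source.
SAMPLE_SCORES = {"192.0.2.10": 90, "198.51.100.7": 10}


def build_logger(path, enabled):
    """Debug log of lookup traffic; off by default so the monitored file stays empty."""
    logger = logging.getLogger("score_lookup")
    logger.handlers.clear()
    if enabled:
        handler = logging.FileHandler(path)
        handler.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
        logger.addHandler(handler)
        logger.setLevel(logging.INFO)
    else:
        logger.addHandler(logging.NullHandler())
    return logger


def score_lookup(input_text, scores=SAMPLE_SCORES, logger=None):
    """External lookup protocol: CSV with header in, same header CSV out, score filled."""
    logger = logger or logging.getLogger("score_lookup")
    reader = csv.DictReader(io.StringIO(input_text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, extrasaction="ignore")
    writer.writeheader()
    for row in reader:
        logger.info("received %s", row)           # what Splunk sent
        row[SCORE_FIELD] = scores.get(row.get(IP_FIELD, ""), "")
        logger.info("returned %s", row)           # what is handed back
        writer.writerow(row)
    return out.getvalue()


if __name__ == "__main__":
    # Enable logging only when SCORE_LOOKUP_DEBUG=1 is set in the app's environment.
    debug_on = os.environ.get("SCORE_LOOKUP_DEBUG") == "1"
    log_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "score_lookup_log.txt")
    sys.stdout.write(score_lookup(sys.stdin.read(), logger=build_logger(log_path, debug_on)))
```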