All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Installed App v1.3 on Splunk 6.6.2 do not see any new data inputs

Mostlyqueries
Explorer
‎02-17-2018 10:24 AM

I do not see any new data inputs, I tried refreshing and restarting splunk.
Is there a video showing the install and how to get data to be used by the application?
Will there be something that allows to decode with protobuf?

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎02-18-2018 09:08 PM

You need to write a custom data handler to decode the protobuf binary payload. This is the purpose of custom data handlers.The app ships with several examples in different languages to get you started.There are many libraries available (just google) containing the logic to decode protobuf , so it would likely be very simply to create a custom data handler.

http://www.baboonbones.com/blog/get-binary-data-splunk/

0 Karma
Reply

Mostlyqueries
Explorer
‎02-19-2018 02:58 PM

When a python script uses import inside the custom data handler, where does it look to find it?

Is it in here: /opt/splunk/etc/apps/protocol_ta/bin/vertx_modules/io.vertx~lang-jython~2.1.1/ ?

I am getting errors inside splunkd.log when I save the Protocol Data Input, so it looks like it is trying.

0 Karma
Reply

493669
Super Champion
‎02-17-2018 06:06 PM

Refer this and follow guidelines for Setup, Configuration and Troubleshooting:
https://splunkbase.splunk.com/app/1901/#/details

0 Karma
Reply

Mostlyqueries
Explorer
‎02-18-2018 12:03 PM

Took a look. Attempted again , this time putting Java on first and not installing the app in the gui , but did it by hand with a tar.
Dont know which part helped, but I can see the Protocol Data Inputs in Data inputs now.

I still don't know how to get splunk to run the protobuf with the proto files I have.
Basically I have a linux command that works, and I need splunk to do it so I can index the data.

protoc --decode TelemetryStream firewall.proto -I /usr/include -I .

Is this the Custom data handler section?

0 Karma
Reply

493669
Super Champion
‎02-18-2018 05:52 PM

have a look at https://www.splunk.com/blog/2014/11/11/protocol-data-inputs.html if it doesn't help then @Damien Dallimore can help you.

0 Karma
Reply
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...