Solved: Looking for ICMP in Stream?

AzJimbo · ‎12-06-2014

Trying to see if I can get ICMP in Stream. Any suggestions? Don't want to go the pdml parser route if I can tease it out of already installed Stream app.

mdickey_splunk · ‎12-08-2014

ICMP is not currently supported by stream; however, it is on our list of protocols to add for a future release.

View solution in original post

dcavuto_splunk · ‎04-08-2016

It's a good point, AzJimbo. I'm the new Product Manager for Stream, and I appreciate your feedback!

I'll take a look at the backlog and see if we can prioritize ICMP in an upcoming Stream release.

Thanks!
-David

AzJimbo · ‎07-20-2016

Awesome! Stream app 6.6.0 now has ICMP. Thank you.

mdickey_splunk · ‎12-08-2014

ICMP is not currently supported by stream; however, it is on our list of protocols to add for a future release.

AzJimbo · ‎12-08-2014

Thanks- I'm look to use it to enhance security analysis.

AzJimbo · ‎04-08-2016

Sooooo..... it's been a couple of years; but I still don't see ICMP in the Stream App? I'm currently running nfdump just so I can get the ICMP, but would much rather use just the Stream app. Looking to detect and alert on icmp tunneling, a method to stealthy exfil data out of a compromised network. (http://www.cs.uit.no/~daniels/PingTunnel/) .

Looking for ICMP in Stream?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor