Solved: PCAP analyzer for Splunk format issue

token2 · ‎02-24-2020

Derp nothing to see here- I used the generic data input and not the PCAP app specific app input

rechteklebe · ‎02-25-2020

Hi,
the PCAP Analyzer for Splunk is based on the PCAP app input, you have to define it in the UI. In the application you find a "how to get started guide".
Let me know if you have detailed questions.

View solution in original post

rechteklebe · ‎02-25-2020

Hi,
the PCAP Analyzer for Splunk is based on the PCAP app input, you have to define it in the UI. In the application you find a "how to get started guide".
Let me know if you have detailed questions.

token2 · ‎02-25-2020

I had used the data inputs menu at the top of the data input webUI. I later realized I needed to scroll down and use the PCAP app specific data input menu at the bottom.

I do have a question on that, how does one make an app that adds a data input like that in the webUI? That is really really cool.

PCAP analyzer for Splunk format issue

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation