All Apps and Add-ons

SSL Certificate Lookup - multiple with custom port

svarendorff
Explorer

After some help. Is there any way to get this to use a custom port for the 2 server that use a non 443 port?

| makeresults
| eval dest="url1,url2,url3", dest = split (dest,",")
| mvexpand dest
| lookup sslcert_lookup dest OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)
| table ssl_subject_common_name ssl_subject_alt_name days_left ssl_issuer_common_name
| sort days_left

 

I tried adding the port to the first eval e.g.

| eval dest="url1,url2,url3",  dest_port=8443 , dest = split (dest,",")

 

Would be great if both the standard and custom could be returned together.

Labels (1)
0 Karma

svarendorff
Explorer

Figured it out.

| makeresults
| eval dest="url1,url2,url3", dest_port=8443, dest = split (dest,",")
| mvexpand dest
| `sslcert(dest, dest_port)`
| lookup sslcert_lookup dest, dest_port OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)
| table ssl_subject_common_name ssl_subject_alt_name days_left
| sort days_left

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...