All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

SiLK Add-On using instrumentation app

splunklearner12
Path Finder
‎06-03-2019 02:13 AM

I have to use the SiLK Technology Add-On for a dataset for some testing on a single instance.
I have configured it and I can see under Data Inputs that the number of files and sourcetype (silk) get reocgnised correctly and the add-on is enabled, but 0 events appear in search. The sourcetype silk that was auto-configured by the SiLK add-on has a destination app of "Instrumentation" which cannot be changed. Even when selecting the Instrumentation app in settings and then doing a basic search, 0 events come up, as shown below:
alt text

I don't really understand what the Instrumentation app is. Does anyone have experience with it or with the SiLK Add-On and how to use it?

Tags (1)
Preview file
17 KB
0 Karma
Reply

chris200712
New Member
‎02-02-2020 10:33 PM

Convert the data to ascii. SILK provides a tool for doing that. Also Analysis-Pipeline should do it for you

0 Karma
Reply

chris200712
New Member
‎02-02-2020 10:31 PM

Think you may have to convert the files to ascii. Just a guess. SiLK provides a tool enabling Wireshark and such to read flow captures.

0 Karma
Reply

splunklearner12
Path Finder
‎06-03-2019 02:21 AM

Using sourcetype="silk" index=*, I can now see events coming up but all content shows jibberish characters (binary files) and incorrect timestamps...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...