All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

SiLK Add-On using instrumentation app

splunklearner12
Path Finder
‎06-03-2019 02:13 AM

I have to use the SiLK Technology Add-On for a dataset for some testing on a single instance.
I have configured it and I can see under Data Inputs that the number of files and sourcetype (silk) get reocgnised correctly and the add-on is enabled, but 0 events appear in search. The sourcetype silk that was auto-configured by the SiLK add-on has a destination app of "Instrumentation" which cannot be changed. Even when selecting the Instrumentation app in settings and then doing a basic search, 0 events come up, as shown below:
alt text

I don't really understand what the Instrumentation app is. Does anyone have experience with it or with the SiLK Add-On and how to use it?

Tags (1)
Preview file
17 KB
0 Karma
Reply

chris200712
New Member
‎02-02-2020 10:33 PM

Convert the data to ascii. SILK provides a tool for doing that. Also Analysis-Pipeline should do it for you

0 Karma
Reply

chris200712
New Member
‎02-02-2020 10:31 PM

Think you may have to convert the files to ascii. Just a guess. SiLK provides a tool enabling Wireshark and such to read flow captures.

0 Karma
Reply

splunklearner12
Path Finder
‎06-03-2019 02:21 AM

Using sourcetype="silk" index=*, I can now see events coming up but all content shows jibberish characters (binary files) and incorrect timestamps...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...