SiLK Add-On using instrumentation app

splunklearner12
Path Finder

I have to use the SiLK Technology Add-On for a dataset for some testing on a single instance.
I have configured it and I can see under Data Inputs that the number of files and sourcetype (silk) get recognised correctly and the add-on is enabled, but 0 events appear in search. The sourcetype silk that was auto-configured by the SiLK add-on has a destination app of "Instrumentation" which cannot be changed. Even when selecting the Instrumentation app in settings and then doing a basic search, 0 events come up, as shown below:

I don't really understand what the Instrumentation app is. Does anyone have experience with it or with the SiLK Add-On and how to use it?

0 Karma

chris200712
New Member

Convert the data to ASCII. SiLK provides a tool for doing that. Also, Analysis-Pipeline should do it for you.

0 Karma

chris200712
New Member

Think you may have to convert the files to ASCII. Just a guess. SiLK provides a tool enabling Wireshark and such to read flow captures.

0 Karma

splunklearner12
Path Finder

Using sourcetype="silk" index=*, I can now see events coming up but all content shows gibberish characters (binary files) and incorrect timestamps...

0 Karma
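The symptom in the last post (binary content indexed as text, wrong timestamps) and the ASCII conversion suggested in the replies, as an added example that is not code from any poster or from the add-on: it refuses input that starts with the SiLK binary file magic and turns already-converted flow text into one timestamped key=value line per flow. The pipe-delimited layout with a title row, the `YYYY/MM/DDThh:mm:ss.sss` timestamps in UTC, and all function names are assumptions; the sample rows are constructed.

```python
import io
from datetime import datetime, timezone

SILK_MAGIC = b"\xde\xad\xbe\xef"  # first four bytes of a SiLK binary flow file

def is_silk_binary(head: bytes) -> bool:
    """True if the data starts with the SiLK binary file magic."""
    return head[:4] == SILK_MAGIC

def flow_text_to_events(stream):
    """Yield one key=value line per flow from pipe-delimited text (title row first)."""
    titles = None
    for line in stream:
        cells = [c.strip() for c in line.rstrip("\n").rstrip("|").split("|")]
        if not any(cells):
            continue  # skip blank lines
        if titles is None:
            titles = cells  # first non-blank row names the columns
            continue
        if len(cells) != len(titles):
            raise ValueError(f"column count mismatch: {line!r}")
        rec = dict(zip(titles, cells))
        # Assumed timestamp layout: YYYY/MM/DDThh:mm:ss.sss, interpreted as UTC.
        ts = datetime.strptime(rec["sTime"], "%Y/%m/%dT%H:%M:%S.%f")
        ts = ts.replace(tzinfo=timezone.utc)
        rest = " ".join(f"{k}={v}" for k, v in rec.items() if k != "sTime")
        # Leading ISO 8601 timestamp gives the indexer an unambiguous event time.
        yield f"{ts.isoformat(timespec='milliseconds')} {rest}"

def convert(data: bytes):
    """Refuse binary SiLK input; convert ASCII flow text to event lines."""
    if is_silk_binary(data):
        raise ValueError("binary SiLK file: convert it to ASCII before indexing")
    return list(flow_text_to_events(io.StringIO(data.decode("ascii"))))

# Constructed sample in the assumed text layout (not real traffic).
SAMPLE = (
    b"            sIP|            dIP|sPort|dPort|pro|                  sTime|\n"
    b"     192.0.2.10|   198.51.100.7|49152|  443|  6|2024/01/15T08:30:01.250|\n"
    b"     192.0.2.11|   198.51.100.7|49153|   53| 17|2024/01/15T08:30:02.000|\n"
)

if __name__ == "__main__":
    for event in convert(SAMPLE):
        print(event)
```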