I have to use the SiLK Technology Add-On for a dataset for some testing on a single instance.
I have configured it and I can see under Data Inputs that the number of files and sourcetype (silk) get recognised correctly and the add-on is enabled, but 0 events appear in search. The sourcetype silk that was auto-configured by the SiLK add-on has a destination app of "Instrumentation" which cannot be changed. Even when selecting the Instrumentation app in settings and then doing a basic search, 0 events come up, as shown below:
I don't really understand what the Instrumentation app is. Does anyone have experience with it or with the SiLK Add-On and how to use it?
Convert the data to ASCII. SiLK provides a tool for doing that. Also Analysis-Pipeline should do it for you.
Think you may have to convert the files to ASCII. Just a guess. SiLK provides a tool enabling Wireshark and such to read flow captures.
Using sourcetype="silk" index=*, I can now see events coming up but all content shows gibberish characters (binary files) and incorrect timestamps...
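Added example, not code from the thread or from the SiLK add-on, covering both the conversion the answers suggest and the timestamp problem in the follow-up: it builds an rwcut command that renders a SiLK binary flow file as comma-delimited text with epoch timestamps, then parses that text into typed records. It assumes the SiLK tool suite (rwcut) is on PATH; the file path is a placeholder and the sample output is constructed.

```python
"""Render SiLK binary flow files as delimited text before Splunk indexes them."""
import csv
import shutil
import subprocess
from datetime import datetime, timezone
from typing import List, Optional

FIELDS = ["sTime", "eTime", "sIP", "dIP", "sPort", "dPort",
          "protocol", "packets", "bytes"]


def rwcut_command(silk_file: str) -> List[str]:
    """Argument vector for rwcut: comma-delimited columns, epoch timestamps.

    Epoch seconds avoid the "incorrect timestamps" seen when Splunk guesses a
    time from binary bytes; in props.conf that column matches TIME_FORMAT = %s.
    """
    return ["rwcut", "--fields=" + ",".join(FIELDS), "--delimited=,",
            "--timestamp-format=epoch", silk_file]


def parse_rwcut(text: str) -> List[dict]:
    """Parse rwcut delimited output into records with UTC datetimes and ints.

    rwcut terminates every delimited line with the delimiter, so it is stripped.
    """
    rows = [line.rstrip(",") for line in text.splitlines() if line.strip()]
    records = []
    for row in csv.DictReader(rows):
        rec = dict(row)
        for key in ("sTime", "eTime"):
            rec[key] = datetime.fromtimestamp(float(row[key]), tz=timezone.utc)
        for key in ("sPort", "dPort", "protocol", "packets", "bytes"):
            rec[key] = int(row[key])
        records.append(rec)
    return records


def convert(silk_file: str) -> Optional[List[dict]]:
    """Run rwcut on one file; returns None when the SiLK tools are not installed."""
    if shutil.which("rwcut") is None:
        return None
    out = subprocess.run(rwcut_command(silk_file), check=True,
                         capture_output=True, text=True)
    return parse_rwcut(out.stdout)


# Constructed sample of what rwcut emits with the options above (two flows).
SAMPLE = """sTime,eTime,sIP,dIP,sPort,dPort,protocol,packets,bytes,
1700000000.000,1700000000.250,10.0.0.5,10.0.0.9,51514,443,6,12,3480,
1700000001.500,1700000001.500,10.0.0.9,10.0.0.5,53,51200,17,1,120,
"""

if __name__ == "__main__":
    for rec in parse_rwcut(SAMPLE):
        print(rec["sTime"].isoformat(), rec["sIP"], "->", rec["dIP"], rec["bytes"])
```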