All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Add-On for Nessus: How to configure inputs.conf to keep the original file directory path as the source field when pulling .nessus files?

PRO_admin
New Member
‎07-27-2015 11:21 AM

I am looking to pull my .nessus files through the spool directory, but I need to drop files in and keep their original file directory path (i.e. dropping /example/test.nessus into spool and it grab the test.nessus file). This would give me .../spool/splunk/example/test.nessus into the source field in Splunk.

I am going to use "example" in a dashboard filter using regex. This is why I need to keep the full directory path. Can someone please help me figure out what I need to change in inputs.conf, or any other files to make this work?

Thanks

0 Karma
Reply

rpille_splunk
Splunk Employee
Splunk Employee
‎07-27-2015 02:52 PM

bin/nessus2splunk.py is not designed to recursively parse, nor does it maintain the directory name that you are asking for. The source would be set to “nessus2splunk” regardless of the spool directory location. Instead of altering the script, you could clone the modular input and run multiple instances of it pointing at different spools, which would allow you to set the source appropriately in the inputs.conf stanza.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...