All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-On for Nessus: How to configure inputs.conf to keep the original file directory path as the source field when pulling .nessus files?

PRO_admin
New Member
‎07-27-2015 11:21 AM

I am looking to pull my .nessus files through the spool directory, but I need to drop files in and keep their original file directory path (i.e. dropping /example/test.nessus into spool and it grab the test.nessus file). This would give me .../spool/splunk/example/test.nessus into the source field in Splunk.

I am going to use "example" in a dashboard filter using regex. This is why I need to keep the full directory path. Can someone please help me figure out what I need to change in inputs.conf, or any other files to make this work?

Thanks

0 Karma
Reply

rpille_splunk
Splunk Employee
Splunk Employee
‎07-27-2015 02:52 PM

bin/nessus2splunk.py is not designed to recursively parse, nor does it maintain the directory name that you are asking for. The source would be set to “nessus2splunk” regardless of the spool directory location. Instead of altering the script, you could clone the modular input and run multiple instances of it pointing at different spools, which would allow you to set the source appropriately in the inputs.conf stanza.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...