
Splunk Add-On for Nessus: How to configure inputs.conf to keep the original file directory path as the source field when pulling .nessus files?

PRO_admin
New Member

I am looking to pull my .nessus files through the spool directory, but I need to drop files in and keep their original file directory path (i.e. dropping /example/test.nessus into spool and having it grab the test.nessus file). This would give me .../spool/splunk/example/test.nessus in the source field in Splunk.

I am going to use "example" in a dashboard filter using regex. This is why I need to keep the full directory path. Can someone please help me figure out what I need to change in inputs.conf, or any other files to make this work?

Thanks

0 Karma

rpille_splunk
Splunk Employee

bin/nessus2splunk.py is not designed to recursively parse, nor does it maintain the directory name that you are asking for. The source would be set to “nessus2splunk” regardless of the spool directory location. Instead of altering the script, you could clone the modular input and run multiple instances of it pointing at different spools, which would allow you to set the source appropriately in the inputs.conf stanza.

0 Karma