All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-On for Nessus: How to configure inputs.conf to keep the original file directory path as the source field when pulling .nessus files?

PRO_admin
New Member
‎07-27-2015 11:21 AM

I am looking to pull my .nessus files through the spool directory, but I need to drop files in and keep their original file directory path (i.e. dropping /example/test.nessus into spool and it grab the test.nessus file). This would give me .../spool/splunk/example/test.nessus into the source field in Splunk.

I am going to use "example" in a dashboard filter using regex. This is why I need to keep the full directory path. Can someone please help me figure out what I need to change in inputs.conf, or any other files to make this work?

Thanks

0 Karma
Reply

rpille_splunk
Splunk Employee
Splunk Employee
‎07-27-2015 02:52 PM

bin/nessus2splunk.py is not designed to recursively parse, nor does it maintain the directory name that you are asking for. The source would be set to “nessus2splunk” regardless of the spool directory location. Instead of altering the script, you could clone the modular input and run multiple instances of it pointing at different spools, which would allow you to set the source appropriately in the inputs.conf stanza.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...