All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk App for Stream: Where can I find a complete list of protocols automatically detected in the "app" field of stream:tcp?

kwchang_splunk
Splunk Employee
Splunk Employee
‎11-11-2015 07:42 PM

Hello,

As described in the following stream product document, the 'app' field of stream:tcp has the detected protocol name automatically, like "tor", "bittorent" or "skype".
http://docs.splunk.com/Documentation/StreamApp/6.4.0/DeployStreamApp/Whattypeofdatadoesthisappcollec...

BTW, where can I find the complete list of the protocols which can be detected automatically?

Thank you in advance.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-18-2015 10:48 AM

Hi kwchang,

I created a ticket to properly document the list of classified protocols; meanwhile please find the preliminary list below (please keep in mind that it's preliminary and subject to change, etc.):

8021q
aim
amqp
bgp
bittorrent
cotp
db2
dcerpc
dhcp
diameter
dns
drda
ftp
gmail
google_gen
gre
http
https
http_tunnel
ica
imap
informix
ipx
irc
iscsi
jabber
krb5
ldap
llc
mapi
mcs
mq
msn
msrpc
mount
mysql
netbios
netflow
nfs
pop3
postgres
radius
rdp
rip1
rip2
rpc
rtp
sip
skype
smb
smpp
smtp
sna
snmp
socks4
socks5
ssh
ssl
stun
syslog
tcp
tds
telnet
tftp
tns
tor
udp
wins

View solution in original post

Reply
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-18-2015 10:48 AM

Hi kwchang,

I created a ticket to properly document the list of classified protocols; meanwhile please find the preliminary list below (please keep in mind that it's preliminary and subject to change, etc.):

8021q
aim
amqp
bgp
bittorrent
cotp
db2
dcerpc
dhcp
diameter
dns
drda
ftp
gmail
google_gen
gre
http
https
http_tunnel
ica
imap
informix
ipx
irc
iscsi
jabber
krb5
ldap
llc
mapi
mcs
mq
msn
msrpc
mount
mysql
netbios
netflow
nfs
pop3
postgres
radius
rdp
rip1
rip2
rpc
rtp
sip
skype
smb
smpp
smtp
sna
snmp
socks4
socks5
ssh
ssl
stun
syslog
tcp
tds
telnet
tftp
tns
tor
udp
wins

Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎11-18-2015 05:38 PM

Thank you.

0 Karma
Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎11-18-2015 07:08 PM

It would be good if the document will contain short descriptions about the each of those and also about the related protocol parsers which we can use for parsing it with (if app=jabber, we can use XMPP for parsing the details).

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...