All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Stream: Where can I find a complete list of protocols automatically detected in the "app" field of stream:tcp?

kwchang_splunk
Splunk Employee
Splunk Employee
‎11-11-2015 07:42 PM

Hello,

As described in the following stream product document, the 'app' field of stream:tcp has the detected protocol name automatically, like "tor", "bittorent" or "skype".
http://docs.splunk.com/Documentation/StreamApp/6.4.0/DeployStreamApp/Whattypeofdatadoesthisappcollec...

BTW, where can I find the complete list of the protocols which can be detected automatically?

Thank you in advance.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-18-2015 10:48 AM

Hi kwchang,

I created a ticket to properly document the list of classified protocols; meanwhile please find the preliminary list below (please keep in mind that it's preliminary and subject to change, etc.):

8021q
aim
amqp
bgp
bittorrent
cotp
db2
dcerpc
dhcp
diameter
dns
drda
ftp
gmail
google_gen
gre
http
https
http_tunnel
ica
imap
informix
ipx
irc
iscsi
jabber
krb5
ldap
llc
mapi
mcs
mq
msn
msrpc
mount
mysql
netbios
netflow
nfs
pop3
postgres
radius
rdp
rip1
rip2
rpc
rtp
sip
skype
smb
smpp
smtp
sna
snmp
socks4
socks5
ssh
ssl
stun
syslog
tcp
tds
telnet
tftp
tns
tor
udp
wins

View solution in original post

Reply
Solved! Jump to solution
Solution

vshcherbakov_sp
Splunk Employee
Splunk Employee
‎11-18-2015 10:48 AM

Hi kwchang,

I created a ticket to properly document the list of classified protocols; meanwhile please find the preliminary list below (please keep in mind that it's preliminary and subject to change, etc.):

8021q
aim
amqp
bgp
bittorrent
cotp
db2
dcerpc
dhcp
diameter
dns
drda
ftp
gmail
google_gen
gre
http
https
http_tunnel
ica
imap
informix
ipx
irc
iscsi
jabber
krb5
ldap
llc
mapi
mcs
mq
msn
msrpc
mount
mysql
netbios
netflow
nfs
pop3
postgres
radius
rdp
rip1
rip2
rpc
rtp
sip
skype
smb
smpp
smtp
sna
snmp
socks4
socks5
ssh
ssl
stun
syslog
tcp
tds
telnet
tftp
tns
tor
udp
wins

Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎11-18-2015 05:38 PM

Thank you.

0 Karma
Reply
Solved! Jump to solution

kwchang_splunk
Splunk Employee
Splunk Employee
‎11-18-2015 07:08 PM

It would be good if the document will contain short descriptions about the each of those and also about the related protocol parsers which we can use for parsing it with (if app=jabber, we can use XMPP for parsing the details).

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...
Top