All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

aws:sqs:securityhub splunk sourcetype jason format

Splunk_rocks
Path Finder
‎08-11-2019 01:22 PM

Hello,
Any one have any luck with extracting jason format data for sourcetype foraws:sqs:securityhub.
Currently that sorcetype not extracting properly . Any help will be appreciated ..

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎08-11-2019 02:13 PM

Hi!
Im not sure if any apps currently extract fields from the aws:sqs:securityhub sourcetype. Is this as sourcetype that you have defined in your Splunk instance?
If so, does it match what you'd expect to see?
Im not familiar with this sourcetype, but is it JSON format? If so, I'd consider adding your own sourcetype and setting kvmode=json

Let me know

Will

0 Karma
Reply

Splunk_rocks
Path Finder
‎08-11-2019 02:37 PM

Please Im aware all this settings and already using those in my props file its not parsing all fields properly so who ever ingested AWS data they may have experienced same issues.
so im looking more in depth answer who ever used this sourcetype ... not simple props transforms things ..

TIA..

0 Karma
Reply

Aatom
Explorer
‎01-26-2021 08:52 PM

@Splunk_rocks 

Hey, I am having issues with SecurityHub parsing as well. Did you ever find a solution?

 

This is my issue. Let me know if you found a solution.

https://community.splunk.com/t5/Getting-Data-In/How-to-SEDCMD-nested-json-calculated-as-string/m-p/5...

 

Thanks!

 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...