All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

aws:sqs:securityhub splunk sourcetype jason format

Splunk_rocks
Path Finder
‎08-11-2019 01:22 PM

Hello,
Any one have any luck with extracting jason format data for sourcetype foraws:sqs:securityhub.
Currently that sorcetype not extracting properly . Any help will be appreciated ..

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎08-11-2019 02:13 PM

Hi!
Im not sure if any apps currently extract fields from the aws:sqs:securityhub sourcetype. Is this as sourcetype that you have defined in your Splunk instance?
If so, does it match what you'd expect to see?
Im not familiar with this sourcetype, but is it JSON format? If so, I'd consider adding your own sourcetype and setting kvmode=json

Let me know

Will

0 Karma
Reply

Splunk_rocks
Path Finder
‎08-11-2019 02:37 PM

Please Im aware all this settings and already using those in my props file its not parsing all fields properly so who ever ingested AWS data they may have experienced same issues.
so im looking more in depth answer who ever used this sourcetype ... not simple props transforms things ..

TIA..

0 Karma
Reply

Aatom
Explorer
‎01-26-2021 08:52 PM

@Splunk_rocks 

Hey, I am having issues with SecurityHub parsing as well. Did you ever find a solution?

 

This is my issue. Let me know if you found a solution.

https://community.splunk.com/t5/Getting-Data-In/How-to-SEDCMD-nested-json-calculated-as-string/m-p/5...

 

Thanks!

 

0 Karma
Reply
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...