Splunk Search

Anybody have an idea for base64 decoding of fields in Splunk 6.5

las
Contributor

Hi.

I have upgraded to Splunk 6.5, and have a new source, with some base64 encoded values.
I have tried looking at the varios add-ons, I could find, but none of them seems to support Splunk6.5.

Any ideas are welcome.

Thanks.

1 Solution

rjthibod
Champion

I don't think there is any other option (right now) than building your own command if you can't use an existing add-on/app.

Note, many times an add-on or an app built for 6.2 or 6.3 will actually work on 6.5 - the author hasn't tested or indicated as such on Splunkbase.

Regardless, looking at either of the two old apps/add-ons may be an opportunity for you to learn the ins and outs of building your own SPL commands.

View solution in original post

AVOLLMER
Explorer

I built a macro to convert base64 fields and append them to your search results since I wasn't able to install apps with my privileges.
https://answers.splunk.com/answers/35521/base64-decoding-in-search.html

0 Karma

rjthibod
Champion

I don't think there is any other option (right now) than building your own command if you can't use an existing add-on/app.

Note, many times an add-on or an app built for 6.2 or 6.3 will actually work on 6.5 - the author hasn't tested or indicated as such on Splunkbase.

Regardless, looking at either of the two old apps/add-ons may be an opportunity for you to learn the ins and outs of building your own SPL commands.

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...