Archive2

Support for IPV6 in TA_nix add-on for linux_secure

Engager

Running Splunk 7.1.1 on Centos 7 with TA_nix add-on version 6.0.1

For the sourcetype linux_secure, the field extraction for src_ip works fine with IPV4 addresses but is not correctly populated for an IPV6 address.
For some time I've worked on the assumption that "if it doesn't work with IPV6 it's broken". Can I apply this assumption to TA_nix and report it as broken please?

Tags (2)
0 Karma
Reply