Hello Splunkers!
I am collecting logs from Fudo PAM, for which I haven't found any suitable existing add-on on the Splunk Base website. The logs are being collected over syslog, yet the regular "syslog" sourcetype doesn't suit the events coming from my source. I was searching the web for some tutorials on how to create your own add-on in Splunk in order to parse unusual logs like the ones in my case, but I haven't found any.
Could someone please help me with that? Does anyone have any tutorial or guide on how to create your own parser, or can maybe explain what is needed for that, in case it's not a difficult task?
If someone decides to provide an answer themselves, by explaining how to create your own add-on, I would really appreciate a detailed description that includes such notes as: required skills, difficulty, how long it will take, and whether it's the best practice in such situations or there are more efficient ways.
Again, the main goal for me is to get my logs from Fudo PAM (coming over syslog) parsed properly.
Thank you for taking your time reading my post and replying to it ❤️
Hi @splunky_diamond ,
the best guide in add-on creation is the Splunk Add-On Builder app (https://splunkbase.splunk.com/app/2962).
It guides you in the creation and in the normalization of your data to have a CIM compliant data flow that you can also use in ES or ITSI.
Ciao.
Giuseppe
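For reference, the conf files that Add-On Builder ultimately generates can also be written by hand. The following is an added example (not from this thread, from Fudo Security, or from Add-On Builder output) of a minimal add-on that receives the PAM syslog on a dedicated port, assigns its own sourcetype, and extracts fields at search time; the port, the sourcetype name `fudo:pam`, and the message layout are assumptions, since the real Fudo PAM format is not shown in the thread.

```ini
# inputs.conf  (dedicated listener so the sourcetype is fixed at input time;
# port and sourcetype name are assumptions)
[udp://5514]
sourcetype = fudo:pam
connection_host = ip
# the syslog header already carries timestamp and host; don't prepend another
no_appending_timestamp = true

# props.conf
# Written against this constructed line, NOT the real Fudo PAM format:
#   <14>Mar 12 10:15:42 fudo-pam01 fudo: session=1234 user=jdoe server=db01 action=session_start result=ok
[fudo:pam]
# --- index-time: line breaking, timestamp, host ---
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_FORMAT = %b %d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 32
TRUNCATE = 10000
TRANSFORMS-fudo_host = fudo_syslog_host
# --- search-time: field extraction and CIM-style naming ---
KV_MODE = none
REPORT-fudo_fields = fudo_kv
# "server" in the message is the accessed target; CIM calls it "dest"
FIELDALIAS-fudo_dest = server AS dest
EVAL-app = "fudo_pam"

# transforms.conf
[fudo_syslog_host]
# take the host from the syslog header instead of the sender IP
REGEX = ^(?:<\d+>)?\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(\S+)\s
FORMAT = host::$1
DEST_KEY = MetaData:Host

[fudo_kv]
# generic key=value extraction from the message body, repeated for every pair
REGEX = (\w+)=(\S+)
FORMAT = $1::$2
REPEAT_MATCH = true
```

The index-time settings belong on the indexers (or heavy forwarders) and the search-time settings on the search head; if the real Fudo events are multi-line or use a different timestamp layout, adjust LINE_BREAKER and TIME_FORMAT against a captured sample before indexing.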
Thank you very much @gcusello !
You never fail to deliver the best solutions for Splunk newbies like me 🙂