Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to provide a valid start time for the Tenable add-on input?

hettervik
Builder
‎02-14-2022 05:40 AM

Hi. I'm trying to add a new input with the Tenable add-on: https://splunkbase.splunk.com/app/4060/

When adding a new input I can input a "start time" from when the add-on will start collection data from Tenable, as opposed to "all time" I suppose, but no matter how I format my timestamp, the add-on won't accept it. See screenshot. I've tried all sort of variations, but all fail. I've also looked at the documentation (https://docs.tenable.com/integrations/Splunk/Content/Splunk2/CreateInput.htm) which suggest another time format than the add-on itself (probably not updated), but that isn't working either.

Has anyone gotten this to work, and if so, what is the correct way of formating the timestamp?

hettervi_0-1644845813742.png

Labels (2)
Labels
0 Karma
Reply

etoombs
Path Finder
‎05-23-2022 11:41 AM

Mine is set formatted as:  2021-01-01T01:01:00Z

0 Karma
Reply

etoombs
Path Finder
‎05-23-2022 11:46 AM

I neglected to say that the Z is not representative. It is literally the character Z.

Preview file
7 KB
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-23-2022 11:58 AM

The literal character 'Z' is representative of the GMT/UTC time zone.  It should be written as %Z in a time format string to ensure Splunk applies the right time zone.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

wanderson7
Explorer
‎05-21-2022 12:23 PM

Hi, I am not sure if this directly answers your question, but perhaps it could be of some help being that it is Tenable/Nessus related.

I recently developed a free open-source application called TenaPull, which processes Nessus data for ingestion by Splunk.  There is more information here:
https://community.splunk.com/t5/Getting-Data-In/I-developed-an-application-to-process-Nessus-data-fo...

GitHub repo:
https://github.com/billyJoePiano/TenaPull

Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-14-2022 08:02 AM

The form says it wants a time in YYYY-mm-ddTHH:MM:SSZ format in the UTC timezone.  Have you tried 2022-01-01T00:01:01Z?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

hettervik
Builder
‎02-14-2022 11:41 PM

Thanks, but the format you're suggesting was the first one I tried.

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...