Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to provide a valid start time for the Tenable add-on input?

hettervik
Builder
‎02-14-2022 05:40 AM

Hi. I'm trying to add a new input with the Tenable add-on: https://splunkbase.splunk.com/app/4060/

When adding a new input I can input a "start time" from when the add-on will start collection data from Tenable, as opposed to "all time" I suppose, but no matter how I format my timestamp, the add-on won't accept it. See screenshot. I've tried all sort of variations, but all fail. I've also looked at the documentation (https://docs.tenable.com/integrations/Splunk/Content/Splunk2/CreateInput.htm) which suggest another time format than the add-on itself (probably not updated), but that isn't working either.

Has anyone gotten this to work, and if so, what is the correct way of formating the timestamp?

hettervi_0-1644845813742.png

Labels (2)
Labels
0 Karma
Reply

etoombs
Path Finder
‎05-23-2022 11:41 AM

Mine is set formatted as:  2021-01-01T01:01:00Z

0 Karma
Reply

etoombs
Path Finder
‎05-23-2022 11:46 AM

I neglected to say that the Z is not representative. It is literally the character Z.

timestamp.png
Preview file
7 KB
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-23-2022 11:58 AM

The literal character 'Z' is representative of the GMT/UTC time zone.  It should be written as %Z in a time format string to ensure Splunk applies the right time zone.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

wanderson7
Explorer
‎05-21-2022 12:23 PM

Hi, I am not sure if this directly answers your question, but perhaps it could be of some help being that it is Tenable/Nessus related.

I recently developed a free open-source application called TenaPull, which processes Nessus data for ingestion by Splunk.  There is more information here:
https://community.splunk.com/t5/Getting-Data-In/I-developed-an-application-to-process-Nessus-data-fo...

GitHub repo:
https://github.com/billyJoePiano/TenaPull

Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-14-2022 08:02 AM

The form says it wants a time in YYYY-mm-ddTHH:MM:SSZ format in the UTC timezone.  Have you tried 2022-01-01T00:01:01Z?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

hettervik
Builder
‎02-14-2022 11:41 PM

Thanks, but the format you're suggesting was the first one I tried.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Attention App Developers: Test Your Apps with the Splunk 10.0 Beta and Ensure Compatibility Before the ...

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...
Top