Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why is stream:http not showing

mchlbooth
New Member
‎02-14-2020 03:00 PM

I'm very new too splunk and using the botsv1-attack-only file to begin learning, please be gentle.

When I do an initial search with index="botsv1" imreallynotbatman.com the sourcetype is only showing two values of data-2 and botsv1_data_set/var/lib/splunk/botsv1/db/db_1470868141_1470799731_28/rawdata/journal. I'm not seeing results for the splunk add-ons such as stream and suricata. When sourcetype="stream:http" is added to the search no events are returned. I have no idea why this is happening. The search is set to All time and verbose mode.

Many thanks in advance.

0 Karma
Reply

pizzadudehd
New Member
‎09-15-2021 06:13 PM

I am having the same issue, were you able to find the solution to this. @mchlbooth 

0 Karma
Reply
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Get Updates on the Splunk Community!