Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to input encrypted files like PGP encrypted files

VSIRIS
Path Finder
‎06-29-2020 08:22 AM

Hello Everyone,

Does anyone know if there is any method in Splunk to index encrypted input files like PGP encrypted files.

@ashish9433 

Labels (2)
Labels
Tags (1)
Reply

ashish9433
Communicator
‎06-29-2020 08:30 AM

Hey,

There is no direct way of onboarding encrypted data to Splunk. In case there is a requirement to do so, you can go ahead and write a script (python/shell) that access the API of encrypted source, parse it and send it to Splunk.

There is a python library to address this 

https://pypi.org/project/py-pgp/

 

The below code should be a starter for you

import pgpy

emsg = pgpy.PGPMessage.from_file(<path to the file from the client that was encrypted using your public key>)
key,_  = pgpy.PGPKey.from_file(<path to your private key>)
with key.unlock(<your private key passpharase>):
    print (key.decrypt(emsg).message)

 

Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...