Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

OS Impact of ADDON-21209 - Splunk Add-on for Unix and Linux - 'Description' field is not properly extracted from events for service.sh script in CentOS 7 configurations'

sh1pit76
Explorer
‎12-18-2019 07:44 AM

Our organization would like to deploy the Splunk Add-on for Unix and Linux to gain support for Python 3 on our 7.2.3 Splunk deployment. However, due to our having a large number of CentOS systems in our infrastrucutre, there is some concern over the potential OS impact of ADDON-21209. If anyone can elaborate a bit more on this issue, and help me understand the potential implications of running this Add-On on our network, I would greatly appreciate it.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hkubavat_splunk
Splunk Employee
Splunk Employee
‎12-19-2019 02:40 AM

First of can you please help me to understand first why python 3 support in 7.2.3 Splunk. AFAIK python 3 support is in Quake(8.0.0).
Also, This addon is using shell script of data collection so there is not python code except the setup page. In this particular JIRA when field value contains the space than it gets trimmed.

[NIX] 'Description' field is not properly extracted from events for service.sh script in CentOS 7 configurations

Event indexed into Splunk

Tue Feb 5 14:52:21 IST 2019 type=systemctl UNIT=vmtoolsd.service, LOADED=loaded, ACTIVE=active, SUB=running, DESCRIPTION=Service for virtual machines hosted on VMware

Extracted field from event:

DESCRIPTION= Service

Here DESCRIPTION field got trimmed out and not properly extracted.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

hkubavat_splunk
Splunk Employee
Splunk Employee
‎12-19-2019 02:40 AM

First of can you please help me to understand first why python 3 support in 7.2.3 Splunk. AFAIK python 3 support is in Quake(8.0.0).
Also, This addon is using shell script of data collection so there is not python code except the setup page. In this particular JIRA when field value contains the space than it gets trimmed.

[NIX] 'Description' field is not properly extracted from events for service.sh script in CentOS 7 configurations

Event indexed into Splunk

Tue Feb 5 14:52:21 IST 2019 type=systemctl UNIT=vmtoolsd.service, LOADED=loaded, ACTIVE=active, SUB=running, DESCRIPTION=Service for virtual machines hosted on VMware

Extracted field from event:

DESCRIPTION= Service

Here DESCRIPTION field got trimmed out and not properly extracted.

0 Karma
Reply
Solved! Jump to solution

sh1pit76
Explorer
‎12-19-2019 08:46 AM

My mistake. The Python 3 support mention was related to another add-on that we were looking at. I am mainly looking for validation of my assessment, that this add-on would not present any performance or security risks to targeted CentOS systems. If all we have to worry about are missing, malformed, or trimmed fields, then I would think that the risks to remote CentOS systems are moot.

0 Karma
Reply
Get Updates on the Splunk Community!

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...