Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

OS Impact of ADDON-21209 - Splunk Add-on for Unix and Linux - 'Description' field is not properly extracted from events for service.sh script in CentOS 7 configurations'

sh1pit76
Explorer
‎12-18-2019 07:44 AM

Our organization would like to deploy the Splunk Add-on for Unix and Linux to gain support for Python 3 on our 7.2.3 Splunk deployment. However, due to our having a large number of CentOS systems in our infrastrucutre, there is some concern over the potential OS impact of ADDON-21209. If anyone can elaborate a bit more on this issue, and help me understand the potential implications of running this Add-On on our network, I would greatly appreciate it.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hkubavat_splunk
Splunk Employee
Splunk Employee
‎12-19-2019 02:40 AM

First of can you please help me to understand first why python 3 support in 7.2.3 Splunk. AFAIK python 3 support is in Quake(8.0.0).
Also, This addon is using shell script of data collection so there is not python code except the setup page. In this particular JIRA when field value contains the space than it gets trimmed.

[NIX] 'Description' field is not properly extracted from events for service.sh script in CentOS 7 configurations

Event indexed into Splunk

Tue Feb 5 14:52:21 IST 2019 type=systemctl UNIT=vmtoolsd.service, LOADED=loaded, ACTIVE=active, SUB=running, DESCRIPTION=Service for virtual machines hosted on VMware

Extracted field from event:

DESCRIPTION= Service

Here DESCRIPTION field got trimmed out and not properly extracted.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

hkubavat_splunk
Splunk Employee
Splunk Employee
‎12-19-2019 02:40 AM

First of can you please help me to understand first why python 3 support in 7.2.3 Splunk. AFAIK python 3 support is in Quake(8.0.0).
Also, This addon is using shell script of data collection so there is not python code except the setup page. In this particular JIRA when field value contains the space than it gets trimmed.

[NIX] 'Description' field is not properly extracted from events for service.sh script in CentOS 7 configurations

Event indexed into Splunk

Tue Feb 5 14:52:21 IST 2019 type=systemctl UNIT=vmtoolsd.service, LOADED=loaded, ACTIVE=active, SUB=running, DESCRIPTION=Service for virtual machines hosted on VMware

Extracted field from event:

DESCRIPTION= Service

Here DESCRIPTION field got trimmed out and not properly extracted.

0 Karma
Reply
Solved! Jump to solution

sh1pit76
Explorer
‎12-19-2019 08:46 AM

My mistake. The Python 3 support mention was related to another add-on that we were looking at. I am mainly looking for validation of my assessment, that this add-on would not present any performance or security risks to targeted CentOS systems. If all we have to worry about are missing, malformed, or trimmed fields, then I would think that the risks to remote CentOS systems are moot.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...