Solved: Feature / Workaround request: Add data to Splunk f...

mlulmer · ‎11-08-2011

Current EVENT logs from estreamer client pulls the following example record:

Tue Nov 1 23:59:59 2011 sensor_id=66 event_id=26 event_sec=1320217199 event_usec=459249 sid=13249 gen=1 rev=4 class=33 priority=1 src_addr=10.11.12.13 dst_addr=10.31.1.21 src_port=53 dst_port=51211 ip_proto=17 impact_flag=1 pad=1024

The numeric values do not provide the best information. Can you get the RULE record and show the textual message for the rule that fired (sid=13249). Also retrieve the class=33 text value and the sensor_id=66 hostname value. This would make this app more usable for us.

Thanks.

athana · ‎11-22-2011

mlulmer - Thank you for your suggestions, I will add these features to the new version of the app.

View solution in original post

athana · ‎03-26-2012

I just want to let you know that I posted the new version of Splunk for Sourcefire app (v2.0), which include your feature request.

athana · ‎11-22-2011

mlulmer - Thank you for your suggestions, I will add these features to the new version of the app.

Feature / Workaround request: Add data to Splunk for Sourcefire

What's New in Splunk Observability - October 2025

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Are you a member of the Splunk Community?

Feature / Workaround request: Add data to Splunk for Sourcefire

What's New in Splunk Observability - October 2025

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...