Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Feature / Workaround request: Add data to Splunk for Sourcefire

mlulmer
Explorer
‎11-08-2011 03:11 PM

Current EVENT logs from estreamer client pulls the following example record:

Tue Nov 1 23:59:59 2011 sensor_id=66 event_id=26 event_sec=1320217199 event_usec=459249 sid=13249 gen=1 rev=4 class=33 priority=1 src_addr=10.11.12.13 dst_addr=10.31.1.21 src_port=53 dst_port=51211 ip_proto=17 impact_flag=1 pad=1024

The numeric values do not provide the best information. Can you get the RULE record and show the textual message for the rule that fired (sid=13249). Also retrieve the class=33 text value and the sensor_id=66 hostname value. This would make this app more usable for us.

Thanks.

Reply
1 Solution
Solved! Jump to solution
Solution

athana
Splunk Employee
Splunk Employee
‎11-22-2011 06:39 PM

mlulmer - Thank you for your suggestions, I will add these features to the new version of the app.

View solution in original post

Reply
Solved! Jump to solution

athana
Splunk Employee
Splunk Employee
‎03-26-2012 10:30 AM

I just want to let you know that I posted the new version of Splunk for Sourcefire app (v2.0), which include your feature request.

Reply
Solved! Jump to solution
Solution

athana
Splunk Employee
Splunk Employee
‎11-22-2011 06:39 PM

mlulmer - Thank you for your suggestions, I will add these features to the new version of the app.

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...