After installing splunk 9 we have a problem with decoding ldap-events. We tried several apps but none of them gave us correct results.
We wanted to use the app "Encode / Decode Data for Splunk" but we can't find any instructions of how to use it.
Does anyone have experience with base64 decoding in splunk 9?
Answering my own question:
Syntax is like this:
| code field=randombase64field method=base64 action=decode destfield=test
unfortunately it doesn't decode diacritics correctly.
Does someone have a solution for that? Apps that worked fine in splunk 8 don't seem to work correct in splunk 9.