Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Having a base64 decoding problem in Splunk 9- How to decode Idap-events?

rrovers
Contributor
‎03-13-2023 05:19 AM

After installing splunk 9 we have a problem with decoding ldap-events. We tried several apps but none of them gave us correct results.

We wanted to use the app "Encode / Decode Data for Splunk" but we can't find any instructions of how to use it.

Does anyone have experience with base64 decoding in splunk 9?

0 Karma
Reply

vnarahari
Loves-to-Learn Lots
‎01-09-2024 09:27 AM

We had the same problem initially and found more details about code command usage under \TA-code\default\searchbnf.conf

We are able to decode the URL or process using | code method=base64 field=encodedcommand action=decode destfield=decoded_command key=abc123 but when we stats the decoded_command it gives the result as "p".

I tried the base64 conversion matrix macro as well, it does the same p thing. 

vnarahari_0-1704821064925.png

Can anyone help?

0 Karma
Reply

rrovers
Contributor
‎01-09-2024 10:42 PM

Later we have used an app named decrypt2 and it worked for us with this syntax:

 

| decrypt field=randomfield atob emit('randomfielddecrypt')
0 Karma
Reply

rrovers
Contributor
‎03-17-2023 01:51 AM

Answering my own question:

Syntax is like this:

| code field=randombase64field method=base64 action=decode destfield=test

unfortunately it doesn't decode diacritics correctly.

Does someone have a solution for that? Apps that worked fine in splunk 8 don't seem to work correct in splunk 9.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...