Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Having a base64 decoding problem in Splunk 9- How to decode Idap-events?

rrovers
Communicator
‎03-13-2023 05:19 AM

After installing splunk 9 we have a problem with decoding ldap-events. We tried several apps but none of them gave us correct results.

We wanted to use the app "Encode / Decode Data for Splunk" but we can't find any instructions of how to use it.

Does anyone have experience with base64 decoding in splunk 9?

Labels (1)
Labels
0 Karma
Reply

rrovers
Communicator
‎03-17-2023 01:51 AM

Answering my own question:

Syntax is like this:

| code field=randombase64field method=base64 action=decode destfield=test

unfortunately it doesn't decode diacritics correctly.

Does someone have a solution for that? Apps that worked fine in splunk 8 don't seem to work correct in splunk 9.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why do they call it hyper text?

November 2023 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk

For the past three years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

The Great Resilience Quest: 9th Leaderboard Update

The ninth leaderboard update (11.9-11.22) for The Great Resilience Quest is out >> Kudos to all the ...