Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Having a base64 decoding problem in Splunk 9- How to decode Idap-events?

rrovers
Contributor
‎03-13-2023 05:19 AM

After installing splunk 9 we have a problem with decoding ldap-events. We tried several apps but none of them gave us correct results.

We wanted to use the app "Encode / Decode Data for Splunk" but we can't find any instructions of how to use it.

Does anyone have experience with base64 decoding in splunk 9?

0 Karma
Reply

vnarahari
Loves-to-Learn Lots
‎01-09-2024 09:27 AM

We had the same problem initially and found more details about code command usage under \TA-code\default\searchbnf.conf

We are able to decode the URL or process using | code method=base64 field=encodedcommand action=decode destfield=decoded_command key=abc123 but when we stats the decoded_command it gives the result as "p".

I tried the base64 conversion matrix macro as well, it does the same p thing. 

vnarahari_0-1704821064925.png

Can anyone help?

0 Karma
Reply

rrovers
Contributor
‎01-09-2024 10:42 PM

Later we have used an app named decrypt2 and it worked for us with this syntax:

 

| decrypt field=randomfield atob emit('randomfielddecrypt')
0 Karma
Reply

rrovers
Contributor
‎03-17-2023 01:51 AM

Answering my own question:

Syntax is like this:

| code field=randombase64field method=base64 action=decode destfield=test

unfortunately it doesn't decode diacritics correctly.

Does someone have a solution for that? Apps that worked fine in splunk 8 don't seem to work correct in splunk 9.

Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...