TA_tshark (Network Input for Windows)

Splunk Community

This TA enables direct network input on Windows using tshark (part of the Wireshark package), with parsing (currently DNS traffic) and search-time CIM mapping.

Possible use cases
------------------
- DNS Insight https://splunkbase.splunk.com/app/1827/
- DHCP Insight https://splunkbase.splunk.com/app/1837/

Installation
------------
- Install Wireshark (you can deselect all components except tshark).
- Install TA-tshark on the UF and configure forwarding.
- Modify inputs.conf and bin/tcpdump.path if needed. The provided file is configured for Windows to capture port 53 (DNS) on the first interface and defines the input with the 'tshark:port53' sourcetype.
- Enable capture in inputs.conf (set disabled = 0).
- Restart the UF.

Discuss the TA_tshark on Splunk Answers: http://answers.splunk.com/answers/app/4921

Contact
-------
splunk@compek.net