All Apps and Add-ons

Can you help me translate/transcribe ssl_version values in Stream app SSLActivity source?

bryan_dady
Explorer

I can't find an affirmative document / release note, so if you know, please clarify when this ssl_version field was added to the Splunk Stream app.

I am trying to add the ssl_version field to a dashboard, But the values showing in this field do not match up to SSL/TLS versions I recognize.

We're running Splunk Stream 7.1.2 on Splunk Enterprise 6.6.7. I don't find any field reference in the current Stream App documentation, or in Stream Field Details.

The sample events I'm seeing are all showing a value of "3.3".

0 Karma
1 Solution

bryan_dady
Explorer

I think I got it - I hope this is helpful to others ...

| eval tls_version = case(ssl_version=="3.1", "1.0", ssl_version=="3.2", "1.1", ssl_version=="3.3", "1.2", ssl_version=="undefined", "n/a", true(), "other")

View solution in original post

0 Karma

bryan_dady
Explorer

I think I got it - I hope this is helpful to others ...

| eval tls_version = case(ssl_version=="3.1", "1.0", ssl_version=="3.2", "1.1", ssl_version=="3.3", "1.2", ssl_version=="undefined", "n/a", true(), "other")
0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...