All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you help me translate/transcribe ssl_version values in Stream app SSLActivity source?

bryan_dady
Explorer
‎09-17-2018 01:38 PM

I can't find an affirmative document / release note, so if you know, please clarify when this ssl_version field was added to the Splunk Stream app.

I am trying to add the ssl_version field to a dashboard, But the values showing in this field do not match up to SSL/TLS versions I recognize.

We're running Splunk Stream 7.1.2 on Splunk Enterprise 6.6.7. I don't find any field reference in the current Stream App documentation, or in Stream Field Details.

The sample events I'm seeing are all showing a value of "3.3".

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bryan_dady
Explorer
‎09-17-2018 04:03 PM

I think I got it - I hope this is helpful to others ...

| eval tls_version = case(ssl_version=="3.1", "1.0", ssl_version=="3.2", "1.1", ssl_version=="3.3", "1.2", ssl_version=="undefined", "n/a", true(), "other")

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

bryan_dady
Explorer
‎09-17-2018 04:03 PM

I think I got it - I hope this is helpful to others ...

| eval tls_version = case(ssl_version=="3.1", "1.0", ssl_version=="3.2", "1.1", ssl_version=="3.3", "1.2", ssl_version=="undefined", "n/a", true(), "other")
0 Karma
Reply
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>

Get Updates on the Splunk Community!