All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you help me translate/transcribe ssl_version values in Stream app SSLActivity source?

bryan_dady
Explorer
‎09-17-2018 01:38 PM

I can't find an affirmative document / release note, so if you know, please clarify when this ssl_version field was added to the Splunk Stream app.

I am trying to add the ssl_version field to a dashboard, But the values showing in this field do not match up to SSL/TLS versions I recognize.

We're running Splunk Stream 7.1.2 on Splunk Enterprise 6.6.7. I don't find any field reference in the current Stream App documentation, or in Stream Field Details.

The sample events I'm seeing are all showing a value of "3.3".

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bryan_dady
Explorer
‎09-17-2018 04:03 PM

I think I got it - I hope this is helpful to others ...

| eval tls_version = case(ssl_version=="3.1", "1.0", ssl_version=="3.2", "1.1", ssl_version=="3.3", "1.2", ssl_version=="undefined", "n/a", true(), "other")

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

bryan_dady
Explorer
‎09-17-2018 04:03 PM

I think I got it - I hope this is helpful to others ...

| eval tls_version = case(ssl_version=="3.1", "1.0", ssl_version=="3.2", "1.1", ssl_version=="3.3", "1.2", ssl_version=="undefined", "n/a", true(), "other")
0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...