Getting Data In

How to provide a valid start time for the Tenable add-on input?

hettervi
Builder

Hi. I'm trying to add a new input with the Tenable add-on: https://splunkbase.splunk.com/app/4060/

When adding a new input I can input a "start time" from when the add-on will start collecting data from Tenable, as opposed to "all time" I suppose, but no matter how I format my timestamp, the add-on won't accept it. See screenshot. I've tried all sorts of variations, but all fail. I've also looked at the documentation (https://docs.tenable.com/integrations/Splunk/Content/Splunk2/CreateInput.htm) which suggests another time format than the add-on itself (probably not updated), but that isn't working either.

Has anyone gotten this to work, and if so, what is the correct way of formatting the timestamp?

0 Karma

etoombs
Path Finder

Mine is formatted as: 2021-01-01T01:01:00Z

0 Karma

etoombs
Path Finder

I neglected to say that the Z is not representative. It is literally the character Z.

0 Karma

richgalloway
SplunkTrust

The literal character 'Z' is representative of the GMT/UTC time zone.  It should be written as %Z in a time format string to ensure Splunk applies the right time zone.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

wanderson7
Explorer

Hi, I am not sure if this directly answers your question, but perhaps it could be of some help being that it is Tenable/Nessus related.

I recently developed a free open-source application called TenaPull, which processes Nessus data for ingestion by Splunk.  There is more information here:

https://community.splunk.com/t5/Getting-Data-In/I-developed-an-application-to-process-Nessus-data-fo...

GitHub repo:
https://github.com/billyJoePiano/TenaPull

richgalloway
SplunkTrust

The form says it wants a time in YYYY-mm-ddTHH:MM:SSZ format in the UTC timezone.  Have you tried 2022-01-01T00:01:01Z?

---
If this reply helps you, an upvote would be appreciated.
0 Karma

hettervi
Builder

Thanks, but the format you're suggesting was the first one I tried.

0 Karma