Closed fraserc182 closed 5 years ago
Do I understand correctly that the Kibana dashboards need JSON events that are very closely translated from DMARC XML reports? This is unrelated to Splunk, right?
If you find the addon useful outside of Splunk, why don’t you create your own project based on it that does exactly what you need? It’s MIT licensed so go right ahead. I’d be happy to create a link in a new section “related projects”, or something similar.
Hi, thanks for getting back to me! It is Splunk I am using the dashboards in. On the parsedmarc page there are XML dashboards that are created for Splunk, which is what I am using; these can be used in Kibana, but I am using the Splunk ones. These are the dashboards here: https://github.com/domainaware/parsedmarc/tree/master/splunk
However, this may be a moot point as I have just managed to get parsedmarc working after months of it just refusing to.
I'll just close this off for just now anyway and thanks for the help!
Hi,
The JSON output from the addon is not compliant with RFC 7489. Is this something that could be sorted in the future? https://tools.ietf.org/html/rfc7489#appendix-C
The reason I am asking is because I am using your addon to ingest DMARC reports and then using parsedmarc (https://domainaware.github.io/parsedmarc/) to build dashboards. However, the dashboards are looking for fields that exist in compliant JSON outputs.
Thanks for making this as well, it's the only way I've managed to get DMARC data into Splunk!
To get round this for the time being I am editing some of the field aliases and also will need to extract some new ones.