splunk / splunk-connect-for-syslog

Splunk Connect for Syslog
Apache License 2.0

Infoblox threat protect logs are not parsing host field correctly #2523

Open imsidr opened 2 weeks ago

imsidr commented 2 weeks ago

Was the issue replicated by support? yes

What is the sc4s version ? 3.19.0

Which operating system (including its version) are you using for hosting SC4S? docker container

Which runtime (Docker, Podman, Docker Swarm, BYOE, MicroK8s) are you using for SC4S? docker

Is there a pcap available? If so, would you prefer to attach it to this issue or send it to Splunk support?

Is the issue related to the environment of the customer or Software related issue? Not Sure

Is it related to Data loss, please explain ? Protocol? Hardware specs?

Last chance index/Fallback index? sc4s index

Is the issue related to local customization? Not sure

Do we have all the default indexes created? NA

Describe the bug: host field is showing as adp. Applied the parser provided in https://github.com/splunk/splunk-connect-for-syslog/issues/2459, which now stands deleted because we had sensitive data posted there. Sharing the parser below:

    block parser app-dest-new-cef() {
        channel {
            parser {
                # Look up the sending IP in the local context CSV (selector,name,value)
                # and add the matching name-value pairs (e.g. HOST) to the message
                add-contextual-data(
                    selector("${SOURCEIP}"),
                    database("conf.d/local/context/host.csv")
                );
            };
        };
    };

    application app-dest-new-cef[sc4s-finalfilter] {
        # Apply only to events tagged by the Infoblox NIOS threat source parser
        filter {
            tags(".source.s_INFOBLOX_NIOS_THREAT");
        };
        parser {
            app-dest-new-cef();
        };
    };
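As an added illustration (not code from this issue, from SC4S or from syslog-ng), the Python below simulates the lookup that the add-contextual-data() call in the parser above performs: each host.csv row is selector,name,value, the selector is compared exactly against ${SOURCEIP}, matching name/value pairs are copied onto the event, and senders with no row pass through untouched. The host.csv contents, IPs and hostnames are constructed for the example.

```python
import csv
import io

# Constructed sample of conf.d/local/context/host.csv. syslog-ng's
# add-contextual-data() expects three columns per row: selector,name,value.
# The IPs and hostnames below are made up for this example.
HOST_CSV = """\
192.0.2.10,HOST,infoblox-grid1.example.net
192.0.2.10,.sc4s.site,dc1
198.51.100.7,HOST,infoblox-grid2.example.net
"""

def load_context(text):
    """Parse host.csv into {selector: {name: value}}, rejecting malformed rows."""
    table = {}
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # tolerate blank lines
        if len(row) != 3:
            raise ValueError(f"host.csv line {lineno}: expected 3 columns, got {len(row)}")
        selector, name, value = (col.strip() for col in row)
        table.setdefault(selector, {})[name] = value
    return table

def apply_context(msg, table, selector_key="SOURCEIP"):
    """Simulate add-contextual-data(selector("${SOURCEIP}")): copy every
    name/value whose selector equals the event's SOURCEIP onto the event.
    Unmatched senders pass through unchanged (no default-selector() here)."""
    enriched = dict(msg)
    enriched.update(table.get(msg.get(selector_key, ""), {}))
    return enriched

def unmatched_sources(msgs, table, selector_key="SOURCEIP"):
    """Return the distinct sender IPs with no row in host.csv, i.e. the events
    whose host field the parser leaves as whatever arrived on the wire."""
    return sorted({m[selector_key] for m in msgs if m.get(selector_key) not in table})

# Constructed events as SC4S would hold them before this parser runs
SAMPLE_EVENTS = [
    {"SOURCEIP": "192.0.2.10", "HOST": "192.0.2.10", "MESSAGE": "threat event 1"},
    {"SOURCEIP": "203.0.113.1", "HOST": "203.0.113.1", "MESSAGE": "threat event 2"},
]

if __name__ == "__main__":
    ctx = load_context(HOST_CSV)
    for ev in SAMPLE_EVENTS:
        print(apply_context(ev, ctx)["HOST"])
    print("no host.csv row for:", unmatched_sources(SAMPLE_EVENTS, ctx))
```

Running unmatched_sources() over a sample of real events is a quick way to tell whether an unexpected host value comes from a missing or mis-keyed host.csv row rather than from the parser itself.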

imsidr commented 2 weeks ago

Support case [3521345] created.

rjha-splunk commented 2 weeks ago

Update: Support is working on it.