cwadhwani-splunk
commented
2 months ago Hi @lavanyakommineni
Please create a support ticket and attach a PCAP file there so that we can get the raw logs to work this issue.
Closed lavanyakommineni closed 1 week ago
cwadhwani-splunk
commented
2 months ago Hi @lavanyakommineni
Please create a support ticket and attach a PCAP file there so that we can get the raw logs to work this issue.
cwadhwani-splunk
commented
1 week ago Closing this issue as the reported issue is the way sc4s is designed and also due to unavailability of the PCAP file.
Was the issue replicated by support? No
What is the sc4s version ? 3.27.0
Which operating system (including its version) are you using for hosting SC4S? ubuntu
Which runtime (Docker, Podman, Docker Swarm, BYOE, MicroK8s) are you using for SC4S? Docker
Is there a pcap available? If so, would you prefer to attach it to this issue or send it to Splunk support? upon request
Is the issue related to the environment of the customer or Software related issue? software related
Is it related to Data loss, please explain ? NA Protocol? Hardware specs?
Last chance index/Fallback index? sc4s index
Is the issue related to local customization? No
Do we have all the default indexes created? yes
Describe the bug all sources related rsa are being written as program:$date etc
To Reproduce Steps to reproduce the behavior: 1.Go to '...' splunk SH cluster 2.Click on '....' query index=rsa sc4s_loghost=* 3.Scroll down to '....' 4.See error