Get your BINARY data into Splunk

In a world of text log files and JSON over HTTP, do not forget about the absolute treasure trove of incredibly valuable binary data that can be captured and preprocessed.

To name just a few examples:

  • proprietary industry protocols such as MATIP in Aviation or ISO8583 in Payments Processing
  • media files: images/audio/video
  • compressed data
  • encrypted data
  • binary application dumps

A few years ago I wrote a really cool free and open source Splunk App called Protocol Data Inputs (PDI), in use by many customers today, that allows you to capture any data (binary or text) and then preprocess it for textual indexing in Splunk.

Check out some of the content in these blogs and presentations. I hope you can get some inspiration from them and start looking around for what binary data you have to unleash!

Protocol Data Inputs

Data Obfuscation in Splunk Enterprise

Send Data to Splunk via an authenticated TCP Input

Sending compressed payloads to Splunk


Author: Damien Dallimore

After the better part of a decade working at Splunk as Worldwide Developer Evangelist, Damien's accumulated body of work has been extensively downloaded and installed in Splunk customer production environments globally. In fact, he is the most downloaded and production installed individual developer in the history of Splunk, and many of his creations have become de facto standards in their respective domains, spanning public and private sector customers and all verticals that Splunk touches. He has presented to Splunk developers on the global stage at all sizes of Splunk and Industry developer events and been a trailblazer for countless other Splunk Apps, Tools, SDKs, Frameworks and Developer Initiatives. Damien founded BaboonBones and personally oversees all of the team's development and support.
