Can't use --JSON-input from JSON (export from Splunk) #1083
Comments
@haicoiok Unfortunately we don't support all JSON formats at the moment and haven't tested with JSON files exported from Splunk. If you can create a JSON file that we can test, we can see if it is possible to support it.
@YamatoSecurity This sample data export from Splunk. "Deleted Data"
@haicoiok Thanks!
@YamatoSecurity I found the cause.
Hello! I hope you are doing well. I would like to bring to your attention a minor issue I have encountered with a feature. I have noticed that the JSON output downloaded from Splunk Web is different from the JSON output downloaded from Splunk REST API. This is why Hayabusa can't scan through JSON fetched via REST API. Would you address this issue in the next update? Thank you!
@chacobsa Thank you for letting us know. Is it possible to provide a sample JSON file downloaded from the Splunk REST API to test?
@YamatoSecurity
@chacobsa Thank you! We will take a look at it.
…rmation output in Details fields #1083
…ut-from-json-export-from-splunk-rest-api feat(main): adjusted splunk api json format #1083
Can you please assist me in utilizing the DFIR Timeline feature from a JSON file exported from Splunk? I am currently facing difficulties in executing this task.