traceroute command

This add on is a traceroute Splunk command that takes an address field (ip or hostname) in your events and traces the route to the address from the Splunk indexer. It uses a default of 2 second timeouts per hop, 20 hops max, and stops searching after it finds 5 non-responsive addresses per IP query. All of this is configurable in the Python command. Credit goes to Leonid Grinberg for providing a sample to build the code from https://github.com/leonidg/Poor-Man-s-traceroute. Results go to a new field called traceroute in the [num] address [num] address ... format. Note: the command requires root (sudo) or Administrator access to run. If you start Splunk as a root user, you must continue to use it as root as root now owns the Splunk index files. Do not go back and forth from root to the normal user. See the README.txt for installation. Usage: | traceroute

Built by Nimish Doshi

Latest Version 1.0.2

April 24, 2024

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2

Rating

0

(0)

Log in to rate this app

Support

Not Supported

This add on is a traceroute Splunk command that takes an address field (ip or hostname) in your events and traces the route to the address from the Splunk indexer. It uses a default of 2 second timeouts per hop, 20 hops max, and stops searching after it finds 5 non-responsive addresses per IP query. All of this is configurable in the Python command. Credit goes to Leonid Grinberg for providing a sample to build the code from https://github.com/leonidg/Poor-Man-s-traceroute. Results go to a new field called traceroute in the [num] address [num] address ... format. Note: the command requires root (sudo) or Administrator access to run. If you start Splunk as a root user, you must continue to use it as root as root now owns the Splunk index files. Do not go back and forth from root to the normal user. See the README.txt for installation. Usage: | traceroute