https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274522#M32012 <P>My fields are still not being extracted!</P> <P>I replaced the original text with the Answers text:</P> <P>[cyberark_epv_cef_cyberark_pta_cef_extract_field_0]<BR /> REGEX = CEF:\s?(\d+)|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|[^\s|]+=.*<BR /> FORMAT = cef_cefVersion::$1 cef_vendor::$2 cef_product::$3 cef_version::$4 cef_signature::$5 cef_name::$6 cef_severity::$7</P> <P>in:</P> <P>/opt/splunk/etc/apps/Splunk_TA_cyberark/default/transforms.conf</P> <P>Is there something I'm missing here? any help is greatly appreciated.</P> Wed, 30 Sep 2020 01:14:10 GMT ChadLangUAB 2020-09-30T01:14:10Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274517#M32007 <P>Why are events in the Splunk Add-on for CyberArk not being extracted? </P> Fri, 27 May 2016 13:54:36 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274517#M32007 stefan1988 2016-05-27T13:54:36Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274518#M32008 <P>Splunk Add-on for CyberArk is missing a space in a REGEX causing events not to be extracted. Please adjust the TA into:<BR /> [cyberark_epv_cef_cyberark_pta_cef_extract_field_0]<BR /> REGEX = CEF:\s?(\d+)|((?:\||[^|])<EM>)|((?:\||[^|])</EM>)|((?:\||[^|])<EM>)|((?:\||[^|])</EM>)|((?:\||[^|])<EM>)|((?:\||[^|])</EM>)|[^\s|]+=.*<BR /> FORMAT = cef_cefVersion::$1 cef_vendor::$2 cef_product::$3 cef_version::$4 cef_signature::$5 cef_name::$6 cef_severity::$7</P> Tue, 29 Sep 2020 09:49:21 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274518#M32008 piebob 2020-09-29T09:49:21Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274519#M32009 <P>thanks, there wasn't a way to make you also the answerer, stefan. in the future, please try and post as questions and answers. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 27 May 2016 14:19:50 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274519#M32009 piebob 2016-05-27T14:19:50Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274520#M32010 <P>Hello,</P> <P>should i change the regex on every node of a distributed installation? Could you please change this in the Addon and release a new version? Would be really usefully.</P> <P>regards<BR /> Andreas</P> Mon, 22 Aug 2016 08:57:15 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274520#M32010 asartori 2016-08-22T08:57:15Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274521#M32011 <P>Hello Andreas, </P> <P>You cant put this on your SH, that will do. </P> <P>regards<BR /> Stefan</P> Fri, 04 Nov 2016 12:51:53 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274521#M32011 stefan1988 2016-11-04T12:51:53Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274522#M32012 <P>My fields are still not being extracted!</P> <P>I replaced the original text with the Answers text:</P> <P>[cyberark_epv_cef_cyberark_pta_cef_extract_field_0]<BR /> REGEX = CEF:\s?(\d+)|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|((?:\||[^|]))|[^\s|]+=.*<BR /> FORMAT = cef_cefVersion::$1 cef_vendor::$2 cef_product::$3 cef_version::$4 cef_signature::$5 cef_name::$6 cef_severity::$7</P> <P>in:</P> <P>/opt/splunk/etc/apps/Splunk_TA_cyberark/default/transforms.conf</P> <P>Is there something I'm missing here? any help is greatly appreciated.</P> Wed, 30 Sep 2020 01:14:10 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Why-are-events-in-the-Splunk-Add-on-for-CyberArk-not-being/m-p/274522#M32012 ChadLangUAB 2020-09-30T01:14:10Z