Hello,
I'm using the MISP42app, for which I receive a lot of events from a custom command that queries the MISP API.
All those events are retrieved from a search query like this one: `| mispgetioc field1=xxx field2=yyyy field3=uuu` (command)
I've created a new index called misp where I would like to put the events that I retrieve from the search.
For this I pipe the previous command into the collect command like this: `| mispgetioc ... | collect index=misp`.
When I go to the index view I can see that my index is populated with events, so it means it works (from what I understand): (URL: http://localhost:9000/en-US/manager/misp42splunk/data/indexes#)
But unfortunately when, in the search (URL: http://localhost:9000/en-US/app/search/search), I type `index=misp`, no events come up:
Your index list shows that your events are from three months ago. Your search time range (last 30 days) doesn't cover this.
Thank you very much for your answer,
indeed, that was why I didn't see anything.