All Apps and Add-ons

MimeCast 3.1.1 - Fields encapsulated with "

simonsigre
Path Finder

It appears the latest (3.1.1) version of the Splunk TA has fields extracted including the surrounding speech marks.
e.g.

"Attempt Greylisted"
"Policy level Anti-Spoofing applied"
"SPF Sender Invalid"
"Failed Known address verification"
"[MCSpamSignature.r.s.195.344]"
"[MCSpamSignature.r.s.94.219]"
..etc

This is the case for most fields.

0 Karma

thambisetty
Super Champion

upgrade your TA to latest version. latest version TA has got the fix for that.

————————————
If this helps, give a like below.
0 Karma

simonsigre
Path Finder

We know.. we worked with MimeCast to fix it for them 🙂

0 Karma

woodcock
Esteemed Legend

Just edit the extractions in the local directory of the app and modify them to not include them.

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>