All Apps and Add-ons

Splunk websense content gateway - URL's containing the ampersand (&) symbol are not been extracted correctly

gjanders
SplunkTrust
SplunkTrust

This post is for the team managing the WebSense content gateway add on, and for anyone else who experiences this issue.

For the websense:cg:kv sourcetype, the fields are been auto-extracted by the key=value method, as per Splunk's default.
The issue we are hitting with this is some URL's include the ampersand symbol, or &.

Due to this the entries such as:
url=http://pixel.yabidos.com/nflrc.gif?cb=1479701935398&ver=1.0r5&qid=636373f5936373f5930353&p=8CU3827QO...

Beomes many fields, the url becomes:
http://pixel.yabidos.com/nflrc.gif?cb=1479701935398

Which is problematic, we are working around this by creating the extraction:
url=(?P\S+)

But perhaps the application needs an update to handle this scenario.

0 Karma
1 Solution

gjanders
SplunkTrust
SplunkTrust

The question is actually answered in the post, however I would like a comment from anyone managing the application or anyone else expericing the issue...

View solution in original post

0 Karma

gjanders
SplunkTrust
SplunkTrust

The question is actually answered in the post, however I would like a comment from anyone managing the application or anyone else expericing the issue...

0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more! Faster Time to ValueManaging and ...

New Release | Splunk Enterprise 9.3

Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...