The props.conf FIELDALIAS for the field "rule" is bad, in both in [opsec] and [opsec:vpn]: (at least for v77 Firewalls)
FIELDALIAS-rule_for_opsec = policy_name as rule
This overwrites the default key=value field for the "rule" field, a numeric field in the data. In an ideal world we could get a rule # to rule name definition from the Firewalls in some lookup table, but most CP Admins know their rule #s pretty well...
The temporary fix (until the app is updated) is to add the following to a local/props.conf file:
[opsec]
FIELDALIAS-rule_for_opsec =
[opsec:vpn]
FIELDALIAS-rule_for_opsec =
H/T to Fellow SplunkTrustee @dshpritz for the FIELDALIAS kung foo!
The temporary fix (until the app is updated) is to add the following to a local/props.conf file:
[opsec]
FIELDALIAS-rule_for_opsec =
[opsec:vpn]
FIELDALIAS-rule_for_opsec =
H/T to Fellow SplunkTrustee @dshpritz for the FIELDALIAS kung foo!