Can someone explain why the "status_code" and "rep" fields below are necessary to identify uncategorized URLs in the App for McAfee Web Gateway?
index=mwg sourcetype=MWGaccess3 status_code!=407 status_code="5*" urlc="-" rep!="-"
by excluding 5xx status codes you filter out various connectoins problems (like inability to resolve the destination host).
'rep!="-"' means include results where the Trusted Source Database was queried. In other case the results will include hosts from the white list.
In case you don't get an answer here, you can always contact the developer of the app directly. The contact information for the developer of an app is found on the bottom right panel of the app's page:
For the this particular app, they also put their contact information at the bottom of the Overview tab which is email@example.com