Getting an error while performing the below-mentioned search:
index=symantec sourcetype=sep12:risk NOT actual_action= "Details pending" dest_nt_host=* | table dest hash_value | vt field="hash_value"
Search Factory: Unknown search command 'vt'.
Check if you have the required app installed on the Splunk Cloud search head; it looks like you are referring to
VirusTotal Malware Lookup for Splunk: https://splunkbase.splunk.com/app/4283
If not, raise a request with Splunk support for app installation.
You likely need to set the commands.conf value to point to the app's Python file, or you're not searching within the app.