
Searches on 7.2.0 don't work, while on 7.1.6 and below they do work


Examples:
index=sentinelone (host="*") sourcetype=threats| fillnull siteName value="NULL" | search (siteName="Andre") |dedup id| makemv delim=", " "engines[]" | rename engines{} as Engines| rex field=Engines mode=sed "s/_/-/g" | top Engines

index=sentinelone (host="*") sourcetype=threats| fillnull siteName value="NULL" | search (siteName="Andre") | dedup id | rename fileDisplayName as Name | stats count(Name) as countName by Name | sort 15 - countName

It returns no results on 7.2.0 while returning results on 7.16 and below.
